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Next Month: SYSTEM ADMINISTRATION 


Most of the time, it's "I'm gonna beat you like red-headed sysadmin", but when 
things break, nobody gets more respect than a sysadmin. Next month, we've got 
the stuff you need to fortify your sysadmin toolkit even further. 

Find out how AlienVault can help secure your systems and look good while doing 
it. Find out about SSH tunneling and how secure it really is. Find out how to hook 
up Nagios directly to SMS and show your teenagers what "texting" is all about. 

For the home sysadmin, find out how to automate your backups and be ready for 
that next disk crash or the next time you accidentally delete something important. 

All that and more, coming next month in Linux Journal. 
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SHAWN POWERS 


2010, the Year Linux 
Skips the Desktop 


T he phrase "Year of the Desktop" is so 
cliche, it almost hurts me to write it. I 
say this year, we strive to move beyond 
the desktop! Before we get in line for our 
GNU brain implants, however, let's take this 
issue to celebrate what we're leaving behind. 
When you see how cool the Linux desktop is 
currently, you might have to postpone the 
soft-tissue kernel module another year or so, 
and 2010 can be the year Linux is ready for 
the desktop. Again. 

Dave Taylor starts us out with automating 
Twitter responses. I may not have a brain 
implant, but my Twitter stream often makes it 
seem like I do. If you wish your Twitter stream 
would carry on conversations without you, be 
sure to read Dave's article this month. If you 
want to go one step further and control your 
automated Twitter stream from a coffee shop 
in the tropics, you'll want to connect back 
home securely. Mick Bauer shows us all about 
OpenVPN in his Paranoid Penguin column. 
VPNs are extremely convenient for remotely 
administering a network, and as a bonus, the 
shady guy at table 5 can't sniff your packets. 

Speaking of shady guys, Kyle Rankin takes 
the opposite approach this month. Instead of 
connecting to a remote server with a VPN, 

Kyle shows us how to install our own local 
mail server. He assures me it is not because he 
cruises around the West Coast wardriving for 
open Wi-Fi to send spam in bulk, but he also 
promised me I could really make a lot of 
money if I set up a deal with a Nigerian 
prince. So although I don't suggest you use 
your fresh new e-mail server to spam people, 
Kyle does show us how a mobile postfix 
install can be really useful. 

Because this is our desktop issue, we really 
can't count on Kyle for a good representation 
of what Linux looks like. Anyone who relies 
on Mutt and Irssi all day wouldn't understand 
the beauty behind KDE 4. Love it or hate it, 
KDE 4 has got the glitz. Whether it's the 
developer interview about the future of KDE 


from Jos Poortvliet (which, so far, doesn't 
include brain implants) or the Plasmoid 
tweak-fest from Riccardo laconelli, we tell 
you all about KDE's present and future. Heck, 
even your Windows buddies can play along, 
as Stuart Jarvis shows us. KDE 4 also will run 
under Microsoft conditions! 

Thankfully, the future of Linux is pretty 
much out of our hands by now. We're all 
getting older, and really it's the kids who will 
reap the benefits of the stable legacy we've 
given them. Dirk Elmendorf demonstrates 
some of the ways kids can really take advan¬ 
tage of the Linux desktop. So while in our 
circles we might still be arguing over which 
is better, Microsoft Office or OpenOffice.org 
(Bruce Byfield has a comparison for us this 
month), our kids probably will be wondering 
why we bothered typing at all. They'll be 
either thinking text to each other or, at the 
very least, using a touchscreen instead of 
those quaint "keyboards" we're so accustomed 
to. Daniel Bartholomew shows us what that 
might look like with his review of the Always 
Innovating Touchbook. 

Don't worry if brain implants or KDE 
Plasmoids aren't your cup of tea. We still have 
our regular line up of product reviews, tech tips, 
programming and scripting. So whether you 
want to ride the Ruby Rails with Reuven Lerner 
or run remote applications tunneled over the 
network with Michael J. Hammel, this issue is 
bound to tickle your fancy in one way or anoth¬ 
er. We hope you enjoy this "Desktop" issue, and 
we look forward to next year's neural interface 
APIs, brain pinout diagrams and how to firewall 
your frontal cortex. For now, we'll just have to 
stick with ear buds and really loud music for 
direct cranial communication. ■ 


Shawn Powers is the Associate Editor for Linux Journal. He’s also the 
Gadget Guy for LinuxJournal.com. and he has an interesting collection of 
vintage Garfield coffee mugs. Don’t let his silly hairdo fool you. he’s a pretty 
ordinary guy and can be reached via e-mail at shawn@linuxjournal.com. 
Or. swing by the #linuxjournal IRC channel on Freenode.net. 
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X 
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Intel® Xeon® Processor 
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E5504 2GHz 

Memory 
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SATA 

SATA 

SATA 
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Windows Storage Server 2008 
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Linux Storage System 
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Not Available 
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Powerful. 
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Prices for the above specific configurations obtained from the respective websites on Oct. 12, 2009. Intel, Intel Logo, Intel Inside, Intel Inside Logo, Pentium, Xeon, and 
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Those Crazy Engineers 

I really enjoyed Joey Bernard's "People, 
Research, Excellence" in the Upfront 
section of the November 2009 issue about 
using Linux tools for processing scientific/ 
engineering data. Being an engineer, I can 
confirm that we do indeed use these kinds 
of data-processing tricks. We often string 
them together in pipelines. 

We used to have a friendly competition to 
see who could string together the longest 
pipeline. Double pipelines were common, 
and soon triple pipelines became common 
too. We even had the occasional "quadruple 
piper" show up. 

However, we finally bestowed the coveted 
"Hooka Award" to a five pipeline string. I 
do not remember the exact sequence, but 
it involved grep, sort, cut paste, awk and 
xgraph. It may have been done with fewer 
pipes in awk, but it met the committee's 
criteria of unique, useful and nonredundant 
functions for each pipe. 

Henry Hojnacki 

Goggle Hacks? 

Thanks to Kyle Rankin for reviewing the 
Vuzix VR920 goggles in the December 2009 
issue. This set of video goggles looks to be 
nice for video gaming, but depending on 
how someone can feed the two screens, it 
may be better suited for those who put on 
mascots. If Vuzix makes a version that takes 


DVI input and works with the BeagleBoard, 
what's to stop someone from integrating 
two Webcams into a head of a mascot? This 
will work nicely with hobbyists as well as the 
special-effects industry. Jim Henson could be 
proud! Thanks for the great article. 

Kelly Price 

Calculating Distance 

Coincidently, Dave Taylor's columns on 
calculating latitude and longitude in the 
November and December 2009 issues were 
published at the same time I was writing 
some code (though not a shell script) to do 
the same thing for a client. The only problem 
I can see in Dave's solution is the conversion 
from kms to miles. One mile is equal to 
0.621371 kms. Dave's answer to the distance 
between Long Beach, CA, and Boston, MA, 
is pretty close. Calculating the distance 
between Boston's Logan airport and Long 
Beach's Daugherty Field, I calculate 2594.8 
miles. A flight-planning program I use puts 
the distance at 2594.5 miles. I would chalk 
Dave's difference up to the Yahoo Maps 
route, which will not be a straight line. 

Ed Rubinsky 

Microsoft Trolls? 

I too think Linux Journal is getting letters 
from Microsoft Trolls [see the "Linux on the 
Desktop, Continued" letter in the December 
2009 issue]. For example, the author of the 
"Dark Days?" letter in December 2009 issue 
claims he bought a small laptop running 
Linux. He didn't specify what laptop or what 
distribution. (There's a clue.) He claims it 
was incompatible with 3 mobile broad¬ 
bands. He claims he had no success loading 
Java. He claims he had no luck loading a 
(USB?) 56k modem for emergency use. 
What a crock of cranberries. 

A little over a year ago, I bought an ASUS 
901 Eee PC from Target. Out of the box, 

I had no trouble connecting one of three 
unsecured Wi-Fis in my multi-unit condo. 

I didn't try the other two. Later on, I was 
able to connect to the Wi-Fi at a local pub¬ 
lic library with no problem. Still later, I was 
able to connect to my son's encrypted Wi-Fi 
(that did take a few minutes of fiddling). 

I have a hard-wired network. It was no 
problem to incorporate the 901 into it. 


Just bring up a terminal screen on it 
(pressing Ctrl-Alt-t does that) and tweak a 
couple configuration files. Oh, did I mention 
I can print documents from the 901 to the 
printer attached to my primary PC? 

The 901 came with Java on it. It's version 
1.5. I installed 1.6.0_7 so I could run 
Moneydance on it. I had to tweak 
Moneydance's startup bash script so it 
would find where I installed it. Moneydance 
runs just fine. I installed MySQL on it so I 
could run my automobile fuel purchases 
and maintenance log software on it. 

I had to install emeditor so I could invoke the 
software I installed from the GUI. It's running 
the Linux distro it came with. It does what I 
need it to do without changing the OS, so I 
didn't bother. It worked fine right out of the 
box for all the ordinary things—connecting 
to a Wi-Fi access point, doing e-mail, 
accessing the Web, writing, viewing pictures, 
watching YouTube videos and so on. True, 

I had to know something about using a 
computer before I could customize it, but 
so what? That's true for any of them. 

One last thought. You know how to 
cripple a computer? Get rid of the 
command-line interface. 

Dan Curtis 

Although I'm not convinced the letters are 
from Microsofty folks, I admit it's often a bit 
odd to hear the problems people claim to 
have with their laptops. But then again, I got 
an Acer Aspire One 751 h and had boatloads 
of problems. If the person is truly a new 
user, it's unlikely he or she knows what to 
specify when asking for help — "Uh, it's blue, 
does that help?" So it's very likely people are 
having legitimate concerns. The truth of the 
matter is that I'm unlikely to get flustered 
with scathing letters to the editor complain¬ 
ing about Linux's shortfalls. Our community 
is one that should strive to be open and 
helpful when people are looking for help 
and lend a sympathetic ear when people just 
want to vent. Why? Because if our goal is to 
help people understand the value of open 
source, we need to be that value. 

So if they are trolls, I say bring 'em on. 
Some of the best Linux advocates were 
Windows users at one time! — Ed. 
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SheevaPlug Please 

Hello, your magazine mentioned the 
SheevaPlug briefly (www.linuxjournal.com/ 
article/10440), but I think that this interest¬ 
ing little device might be a good target for 
review. I've been thinking of getting one, 
as I'd love to have a Web server at home, but 
I don't want to have yet another machine 
sucking up power (not to mention, leaving 
it on all the time, avoiding distro hopping 
and so on, just to make sure that my 
server doesn't suffer from downtime). The 
SheevaPlug seems to be a full ARM-based 
(and tremendously low-power!) computer 
the size of an AC adapter, perfect for SSH 
and setting up whatever server a user 
would desire. I have found some reviews 
on-line, but none from sources that I trust 
as much as Linux Journal. Anyway, here's 
to hoping that one of your writers takes it 
for a spin sometime! 

Tuxly_Tuxford_McTuxtington 

I agree. In my house, the "server room" is 
our closet , and with a full-blown computer 
running in there, it gets hot! Not only are 
we interested in the SheevaPlug, but we also 
have an article lined up. Stay tuned for our 
take soon. (I'm actually waiting for the article 
to decide if /want to get one too!) — Ed. 

Thanks Microsoft! 

Like many geeks, people often ask me 
to fix their computers. Thanks to Vista and 
Windows 7, this has been happening a lot 
more often. I make a good bit of money, and 
I often convince them to install an "extra 
operating system" for free. I tell them, "if 
worse comes to worse, and Windows fails 
again, you always can use Ubuntu as a 
backup operating system so you still can 
get on-line or whatever. But, it is a very 
good OS and you should check it out." 

So, I customize it for them (people can 
be very militant about docks or where a 
taskbar is). I also resolve possible wireless 
problems or blacklist modules that could 
cause hardware problems, and usually I 
like to put a little text document on their 
desktop as a quick walk-through. 

So far, I have had only one person actually 
prefer Vista, in which case I removed 
Ubuntu for him. Everyone else has given 
me enormously positive feedback, and 
many have asked me to remove Windows 
altogether. A lot of the time, they even pay 
me a little extra. So, I would like to thank 


Microsoft for all the extra business and 
money it has been throwing my way. 

Zachay Bittner 

Awesome. Might I add, installing things 
like Dropbox (dropbox.comj and Xmarks 
(xmarks.comj can make such transitions 
much less painful. If people have access to 
their documents and bookmarks, it makes 
using other computers pretty painless. Also, 
be sure to install lots of fun games in Linux. 
Even Solitaire gets old after a while, and they 
might reboot just to play Frozen Bubble/— Ed. 

Work the Shell and C 

Without looking it up for confirmation, it 
appears that your distance program [see 
Dave Taylor's "Calculating the Distance 
between Two Latitude/Longitude Points" 
in the December 2009 issue] is calculating 
doubles from input args parsed as floats (via 
atof). It's just a guess, but that would proba¬ 
bly introduce those darn rounding errors. 

Frank Brown 

Dave Taylor replies: That's a good 
possibility. I'll dig into that one and see 
where I get. Thanks. 

Desktop Linux? Not Yet 

I have been a fan of Linux from its beginning 
and have followed the debate of whether 
it is ready for the general desktop as a main 
competitor to Windows. However, time 
and again I have been disappointed. My last 
confrontation was with Ubuntu, which I 
installed on my Dell Inspiron 530s. The wire¬ 
less card has the Broadcom chipset (4328 rev 
3), and it turns out this is not supported by 
any Linux distribution (out of the box). You 
can go through some contortions and install 
the drivers yourself, and I was able to do it 
for Ubuntu 9.04 but not for 9.10. Now, 
Dell is the first or second biggest computer 
maker, and Broadcom is also a major wire¬ 
less chip supplier, so how come they are not 
supported by Linux (and this problem has 
been known for at least 2-3 years)? Even if 
Broadcom does not release its driver source 
code, why wouldn't the Linux distributors 
provide a simple script to install the right 
driver? This and similar problems prevent 
Linux from being a real competitor to 
Windows on the desktop. 

Eli Sternheim 

Sigh. Up until Windows 7, installing drivers 


(that strange contortion) on Windows was 
much more common than the need on 
Linux. Even companies that don't provide 
source code aren't the problem — it's not 
providing any driver support for Linux. Take 
NVIDIA, for example. There is no source 
code for its drivers, but it supports the 
Linux community by providing close- 
sourced binary drivers for its hardware. 

The other side of the coin is that hardware 
changes so often, a revision 3 vs. a revision 
2 could be drastic. Shouldn't it be up to 
Dell to provide the drivers? If you want a 
driver for the Dell for Windows, you go to 
Dell's support site. Shouldn't Dell do the 
same for Linux? When it's all said and 
done, the Linux community is doing a fairly 
remarkable job supplying workarounds for 
strange hardware. Hopefully, support will 
continue to get better, even if vendors 
don't actively help! — Ed. 

Dave Taylor's Problems 
with Distance 

I think the distances computed by Dave's 
distance.c program are okay [see Dave's 
Work the Shell in the December 2009 issue]. 

I started to check the formulas carefully 
and then had an idea: Wolfram|Alpha 
(www.wolframalpha.com). Entering 
"denver, co to Chicago, il", I got 916.7 
miles—quite close to Dave's 917.984. 
Then, "long beach, ca to boston, ma" 
yielded 2,599 miles—pretty darn close 
to Dave's 2,597.53 miles. I would say 
his computations are okay. 

So, why do the computations yield 2,599, 
when Yahoo Maps says it's 3,015, a good 
400 miles longer? If you display the route 
chosen by Yahoo, it definitely does not 
look like a straight line. But the computed 
distance is along a great circle, not a straight 
line, and if you draw a great circle between 
the BOS and LGB airports using GPS Visualizer 
(www.gpsvisualizer.com/calculators), 
it is surprisingly close to the road route 
shown by Yahoo. (By the way, GPS 
Visualizer says the distance is 2,598.4 
miles, so I think you can quit worrying 
about your distance computations.) 

It may be that there is a fractal effect here: 
when the route is viewed from afar, it looks 
like a fairly smooth curve. However, if each 
short segment is examined, there probably 
is a lot of zigzag. (But 400 miles of zigzag?) 

Roger House 
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Dave Taylor replies: Roger ,; / like 
your answer. We'll tally It up to a lot 
of sidetracks and Inefficient roads. 

A Penguin with Good Eyesight 

I was in a reflective mood today and 
thought I should share some of my 
thoughts to encourage those of you 
cutting your teeth with Linux. Five years 
ago, I knew absolutely nothing about this 
glorious operating system, and I am within 
a month's time going to be starting up the 
first LUG in our community with 20 termi¬ 
nals available, so we can start collectively 
raising up new "Penguins" throughout 
our city. If you are discouraged with not 
knowing what in the world the terminal 
is, or if you think that "apt-get" is com¬ 
puter lingo for a "hiccup" or "yum" is an 
edible OS, you are not alone. 

What I have found to be an invaluable 
resource is this magazine. At first, I 
thought I was reading some kind of 
hieroglyphic, but eventually, I caught on 
to one thing and then another. My wife 
thinks I am celebrating Christmas when 
my trip to the mailbox renders the next 
month's copy of LJ. I can't wait to read 
every page from front to back, even if I 
don't understand about 50% of it! 

Bill Hybels, an American author, once 
said, "Visionary people face the same 
problems everyone else faces; but 
rather than get paralyzed by their prob¬ 
lems, visionaries immediately commit 


themselves to finding a solution." This 
is how I view Linux and the Linux com¬ 
munity. My goal is to one day see my 
community hosting a Linux conference. 
It may not be of the same scale as 
many advertised within LJ, however, 
Linux has inspired me to go from a 
computer user paralyzed with problems 
to a "Penguin with good eyesight". 

If you are a new user, hang in there. Be 
a good researcher. Learn to dual-boot. 
The pain of learning this OS pays off 
in no time. I spent 30 hours trying to 
work with my former OS and could 
not fix the problems I was having. I 
dedicated 30 hours to learning my 
new OS, and it was time spent wisely. 

Much thanks to all who have contributed 
to this magazine and my growth as a 
Penguin. May we all improve our Vision! 

Dean Anderson 

Aw, shucks Dean, you're making us 
blush! Regarding a community Linux 
event, to be completely honest, they're 
usually at least as helpful as the big 
ones. My suggestion would be to start 
small. Perhaps Invite a couple school 
techs to your LUG meetings and so on. 
I'm a big fan of Linux In education, so 
my suggestion may be biased, but If 
you can get kids using Linux in school, 
total world domination is the next 
logical step! — Ed. 
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PHOTO OF THE MONTH 


Have a photo you'd like to share with LJ readers? Send your submission to 
publisher@linuxjournal.com. If we run yours in the magazine, we'll send you a free T-shirt. 



Here are a couple shots of me doing some tower work on a pair of long-distance 802.11 
Wi-Fi links. The equipment being installed is a pair of Ubiquiti Bullet2-HP radios, which 
are Linux-based. They are actually replacing a pair of Cisco radios that were found to be 
incredibly fragile. One of the wireless links provides service to a fireworks company 
(Premier Pyrotechnics) located about 11 miles from the city of Richland, Missouri. The 
other is to provide service to the company president, both of which are located in areas 
where any sort of broadband is completely unavailable other than satellite service. You 
can see, my Open Source backpack and Ubuntu backpacks came in handy for doing the 
“heavy lifting”. Submitted by Nathan Neulinger. 
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INTRODUCING 

Linux Journal's 2010 Wall Calendar! 



This calendar measures 11" x 8.5" and features 28 pages total—12 months 
of artwork, calendars (Jan - Dec 2010), room for notes and more. 



The Linux Journal 2010 Wall Calendar has been 
printed in limited quantities so place your order 
soon—they won't last long! 

Only $12.95 at store.linuxjournal.com 
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NEWS + FUN 


diff -u 

WHAT’S NEW IN KERNEL DEVELOPMENT 


The git and quilt tools were developed 
by Linus Torvalds and Andrew 
Morton for the same reason—to help 
organize patches. But part of Andrew's 
motivation in developing quilt was to 
avoid having to adapt his work habits 
to git. So, what do you get if you cross 
those two tools together? Apparently, 
you get StGit (stacked git), a Python 
script developed by Catalin Marinas 
and various others. It emulates quilt's 
ability to push and pop patches onto 
and off of a stack, but it does so on top 
of a full git repository. Thus, users can 
take advantage of the full range of git 
features, in addition to the pushing and 
popping features of quilt. 

Large numbers of occurrences of 
the big kernel lock (BKL) are being 
expunged from the kernel. This isn't 
exactly news, but the pace of BKL 
patches seems to have stepped up 
lately. The basic pattern seems to be 
to push the BKL out of the core code 
and into specific drivers. This way, 
only a single piece of code relies on a 
given occurrence of the BKL. This lets 
the developers replace just that 
occurrence with something that does 
a different kind of locking that works 
for just that bit of code. The whole 
problem with eradicating the BKL is 
that the true locking requirements of 
anything that uses it are really very 
different from each other. So, if a lot 
of stuff depends on a single instance 
of the BKL, it's just impossible to 
recode that instance of the BKL to be 
less heavy-handed and still work for 
everyone. That's one reason why vari¬ 
ous folks used to say getting rid of 
the BKL would be nearly impossible. 
But lately, thanks to this whole pro¬ 
cess, folks like Thomas Gleixner and 
Jan Blunk and others are ripping the 
BKL out of the kernel in big fistfuls. 

On systems with tons of CPUs, 
just listing the boot messages on 
the screen can cause big delays in the 
boot process and produce so much 
output, any information that actually 
might be useful for debugging is 


simply buried under tons of other 
data. Mike Travis calculated that 
with 4,096 processors and a console 
baud rate of 56K, the boot messages 
would take almost an hour and a 
half just to display. He's posted some 
patches and worked with various 
folks like Andi Kleen and Ingo 
Molnar to help reduce the number 
of less-relevant messages that come 
through during startup. 

Relicensing kernel code is tricky. 
You need to get permission from every¬ 
one who's submitted patches, because 
those people hold the copyright on their 
own contributions and have (modulo 
some legal fuzziness) released their 
code under the same license as the 
rest of the code, or under the licensing 
that they specify when they submit the 
patch. So, when Mathieu Desnoyers 
wanted to dual-license portions of the 
tracepoint code under the GPL and 
the LPGL, and other portions under 
the GPL and BSD licenses, he had to 
ask all the contributors for permission. 

In the old days, that would be 
a nonstarter, because identifying all 
contributors would involve combing 
through mailing-list logs and Usenet 
logs, and even then, there wouldn't be 
any guarantee that everyone had been 
found. With the advent revision control 
for the kernel and the Signed-Off-By 
headers that are now standard with all 
patch submissions, it's now trivial to list 
everyone who's contributed to a piece 
of the kernel, as far back as the revision 
control records go. 

Even so, actually getting everyone's 
permission is not always a done deal. 

In this case, Ingo Molnar rejected 
Mathieu's request, putting Mathieu 
in the position of either having to 
abandon the project, persuade Ingo 
to change his mind or extract Ingo's 
code and relicense the remainder, 
which would be very difficult. It's 
unclear how this particular case will 
turn out, but it's at least possible the 
relicensing will take place. 

— ZACK BROWN 


They Said It 


Few things are harder to put up with than 
the annoyance of a good example. 

—Mark Twain 


It won't be covered in the book. The 
source code has to be useful for some¬ 
thing after all. 

—Larry Wall 


The first 90 percent of the task takes 90 
percent of the time, and the last 10 percent 
takes the other 90 percent of the time. 

—The Ninety:Ten Rule 


Strange as it seems, no amount of learning 
can cure stupidity, and higher education 
positively fortifies it. 

—Stephen Vizinczey, An Innocent 
Millionaire (1983) 


Aoccdrnig to a rscheearch at an Elingsh 
uinervtisy, it deosn't mttaer in waht oredr 
the Itteers in a wrod are, the olny iprmoet- 
nt tihng is taht frist and Isat Itteer is at the 
rghit pclae. The rset can be a toatl mses 
and you can sitll raed it wouthit porbelm. 
Tihs is bcuseae we do not raed ervey Iteter 
by it slef but the wrod as a wlohe. 

—Unknown 


I am patient with stupidity but not with 
those who are proud of it. 

—Edith Sitwell, quoted in The Last 
Years of a Rebel (1965) 


Now Hear This 


Even with modern Linux distributions, the 
inconsistency with onboard audio devices 
makes using headphones and microphones a 
hit-or-miss venture. When things work, they 
work great, but when things don't work, 
it's generally tough to get them going. 

Thankfully, there is an audio standard 
that seems to work pretty consistently 
across operating systems: USB. Although the 
thought of purchasing additional hardware to 
get sound into or out of your Linux machine 
might seem a bit frustrating, USB audio 
devices tend to have better sound quality 
than the cheap onboard audio devices that 
come with most laptops and desktops. 

Now, because I've given you this tip, you'll 
probably never need to use it. Still, it's good 
to know USB audio is very supported under 
Linux, and the devices are fairly standard. 
Plus, it's easy to add multiple audio devices 
with USB audio, which makes things like 
podcasting much easier! 

— SHAWN POWERS 
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NON-LINUX FOSS 


WinSCP is an open-source 
SFTP, FTP and SCP client 
for Windows. It provides 
two GUI interfaces: an 
Explorer-style interface 
and a Commander-style 
interface. You remember 
Norton Commander, 
right? In addition, it 
provides a command¬ 
line interface with 
scripting capability. 

WinSCP provides all 
the expected file opera¬ 
tions: uploading, down¬ 
loading, renaming, delet¬ 
ing, creating directories 
and so on. It also has the 
ability to synchronize local 
and remote directories. 
You can edit remote files using a local editor. It even gives you the ability to find 
files on the remote system. The GUI interfaces provide Windows integration: 
drag and drop, desktop and quick launch icons, "Send To" support and so on. 

WinSCP optionally allows you to store configuration information in a 
configuration file rather than in the registry for making your WinSCP configuration 
portable. WinSCP also provides U3 support, which is a proprietary method 
for formatting USB drives and auto-launching applications from them. 

WinSCP has been translated into numerous languages. The current stable 
release is 4.1.9, but version 4.2 may be available by the time you read this (at 
the time of this writing, the fourth beta version of 4.2 is available). 

— MITCH FRAZIER 
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LinuxJournal.com 


Sometimes you need to step away 
from the desktop. Bear with me on 
this for a sec. Seriously. 

Of all the Linux Journal staff 
members, I may be the least 
able to separate myself from my 
electronic life. Now and then I 
do find it is nice to go back to 
old-school methods of organizing 
myself. I ditch the mobile device, 
the Google apps, the multiple 
workspaces and use an old- 
fashioned, awesome Linux Journal 
wall calendar. 

See, we have this other Web site 
at www.linuxjournalstore.com 

where you can get all kinds of cool 
stuff. So you if you'd like a super¬ 
cool tricked-out office like I have, kick it old-school with me. Pick up a 2010 
calendar and let your geek flag fly. 

— KATHERINE DRUCKMAN 



LJ Index 

February 2010 


1. Windows XP percent market share: 70.48 

2. Windows Vista percent market share: 18.83 

3. Windows 7 percent market share (12 days after 
release): 2.15 

4. Mac OS X (all versions) percent market share: 5.27 

5. Linux (all versions) percent market share: 0.96 

6. iPhone percent market share (0/S market): 0.37 

7. Millions of Google hits for Windows: 7,330 

8. Millions of Google hits for Linux: 287 

9. Millions of Google hits for iPhone: 367 

10. Number of preferred “search” languages supported 
by Google: 45 

11. Number of user interface languages supported by 
Google: 129 

12. Number of official languages of sovereign 
countries: 116 

13. Number of sovereign countries: 203 

14. Number of Linux 1.0 kernels released: 1 

15. Number of Linux 1.2 kernels released: 14 

16. Number of Linux 2.0 kernels released: 41 

17. Number of Linux 2.2 kernels released: 27 
10. Number of Linux 2.4 kernels released: 71 

19. Number of Linux 2.6 kernels released (as of 
2.6.31.5): 328 

20. Sum of above statistics: 2,057.06 

Sources: 

1-6: marketshare.hitslink.com 1 7-9: www.google.com 
1 70,77; www.google.com/preferences I 
12: en.wikipedia.org/wiki/List_of_official_languages I 
13: en.wikipedia.org/wiki/Countries_of_the_world I 
14—19: www.kernel.org/pub/linux/kernel I 
20: OpenOffice.org Calc 
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[UPFRONT) 

Comparing Files 


You often may need to compare one 
version of a file to an earlier one or 
check one file against a reference file. 
Linux provides several tools for doing 
this, depending on how deep a 
comparison you need to make. 

The most common task involves 
comparing two text files. The tool of 
choice for this task is diff. With diff, you 
can compare two files line by line. By 
default, diff notices any differences 
between the two text files, no matter 
how small. This could be as simple as a 
space character being changed into a 
tab character from one file to the next. 
The file will look the same to a user, but 
diff will find that difference. The real 
power of diff comes from the options 
available to ignore certain kinds of differ¬ 
ences between files. In the above example, 
you could ignore that change from a 
space character to a tab character by 
using the -b or --ignore-space-change 
options, which tell diff to ignore any 
differences in the amount of whitespace 
from one file to the next. 

What about blank lines? The -B or 
--ignore-blank-lines options tell 
diff to ignore any changes in the num¬ 
ber of blank lines from one file to the 
next. In this way, diff effectively looks 
only at the actual characters when 
comparing the files, narrowing diff's 
focus to the actual content. 

What if that's not good enough for 
your situation? You may need to com¬ 
pare files where one was entered with 
Caps Lock turned on for some reason, 
or maybe the terminal being used was 
misconfigured. You may not want diff 
to report simple differences in case as 
"real" differences. In this situation, use 
the -i or - - i gnore-case options. 

What if you're working with files 
from a Windows box? Everyone who 
works on both Linux and Windows has 
run into the issue with line endings on 
text files. Linux expects only a single 
newline character, while Windows 
uses a carriage return and a newline 
character, diff can ignore this with the 
--strip-trailing-cr option. 

diff's output can take a few different 
formats. The default contains the line 
that is different, along with a number 
of lines right before and after the line in 


question. These extra lines are called 
context and can be set with the "-c", 
"-C" or "--context^" options and the 
number of lines to use for context. This 
default output can be used by the 
patch program to change one file into 
the other. In this way, you can create 
source code patches to upgrade code 
from one version to the next, diff also 
can output differences between files 
that can be used by ed as a script with 
the -e or - -ed options, diff also will 
output an RCS-format diff with the 
option -n or - -res. Another option is 
to print out the differences in two 
columns, side by side, with the -y or 
--side-by-side options. 

The diff utility compares only two 
files. What if you need to compare 
three files? diff3 comes to the rescue. 
This utility compares three files and 
prints out the diff statements. Again, 
you can use the -e option to print out 
a script suitable for the ed editor. 

What if you simply want to see 
two files and how they differ? 

Another utility might be just what you 
are looking for, comm. With no other 
options, comm takes two files and 
prints out three columns. The first 
column contains lines unique to the 
first file, the second column contains 
lines unique to the second file, and 
the third column contains lines common 
to both files. You can suppress each 
of these columns selectively with the 
options -1,-2 and -3. They suppress 
columns 1, 2 or 3, respectively. 

Although this works great for text 
files, what if you need to compare two 
binary files? You need some way to 
compare each and every byte in each 
file. Use the emp utility, which does a 
byte-by-byte comparison of two files. 
The default output is a printout of 
which byte and line contains the 
difference. If you want to see what the 
byte values are, use the -b option. 

The -1 option gives even more detail, 
printing out the byte count and the 
byte value from the two files. 

With these utilities, you can start to 
get a better handle on how your files 
are changing. Here's hoping you keep 
control of your files! 

— JOEY BERNARD 
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Linux in Education 


One of the biggest arguments used 
against Linux in grade-school-level 
education is that we aren't teaching kids 
to use the applications they'll need in 
the "real world". As the Technology 
Director for a K—12 school district, I've 
heard that argument many times. 
After all these years, I still don't buy it. 
Truthfully, to give kids a well-rounded 
education, we should expose them to as 
many different types of technology as 
we can. Children should be comfortable 
using whatever tool is at their disposal 
to accomplish a given task. This isn't 
a new concept by any stretch of the 
imagination. For some reason, when 
it comes to computers, however, the 
"Microsoft Mantra" is all too prevalent. 

Think about some other subject areas: 

■ Language: teachers begin teaching 
grammar to young kids. They start 
with the simple concepts, like differ¬ 
entiating between nouns and verbs, 
and move on to tougher things. By 
the time students are finished in high 
school, they've likely been given many 
different types of writing assignments. 
The concepts they've learned allow 
them to write well as they continue in 
life. Guess what though? I never once 
was taught to blog in school. It just 
didn't exist. Thankfully, because I was 
taught the concepts of writing and 
grammar, I'm able to pull off the 
crazy world of blogging as if I were 
specifically trained for it. 

■ Mathematics: just like with language, 
mathematics are taught with 
fundamentals. Specific problems are 
assigned (remember story problems?), 
but it's very clear that everything we 
learned in school was meant to be 
extrapolated upon. 

■ Reading: I didn't go to the most 
prestigious school in the country. 
Heck, I didn't even go to the best 
school in the area. I am very certain, 
however, that no school assigns 
every book ever written to their 
students. Even if they did, more 
books are published every day. 

Again, it's the concept of reading 
that we learn, not specific books. 


■ Driver's Ed: my first car was a 1978 
Volkswagen Diesel Rabbit. It was a 
four-speed manual transmission, and 
it had the touchiest clutch I've ever 
driven. In driver's ed, however, I 
drove a cute little Dodge with an 
automatic. Sure, when I finally got a 
car, I had to learn a few new things, 
but my driver's education and driver's 
license prepared me perfectly fine. 
The rules, procedures and, yes, 
concepts were all the same. 

So why are computers different? 

I think there are a few valid arguments 
for specific applications being taught 
in schools. For vocational programs, 
especially if they are computer-related, 
a firm grasp of the specific applications 
that will be used is slightly advantageous. 
Even with that, however, it's important 
to teach concepts, because programs 
change all the time. 

Higher-level education (college 
and so on) is certainly the time to 
begin specializing in specific areas. 
Some of those areas require certain 
applications and/or operating systems. 
Accountants, for example, might 
be expected to know how to use 
QuickBooks. Graphic designers 
probably would be expected to know 
Adobe Photoshop inside and out. 

At the grade-school level though, 
we need to teach children not only 
how to use technology, but also how 
to learn to use technology. If we can 
offer students the use of Windows, 
Linux and Macintosh, and teach them 
Web 2.0, handheld computing and 
application concepts, we prepare 
them to succeed. Isn't that what we 
ultimately want for kids? For them 
to succeed in whatever they do? 

Linux is the perfect tool for educa¬ 
tion. It plays well with other operating 
systems, and it offers such a wide 
variety of applications that it's silly not 
to expose children to its usage. Oh, 
and there's also that little thing called 
cost. For many schools, that alone can 
seal the deal. Linux offers more, costs 
less and even can fit well with existing 
tools. Why in the world wouldn't 
schools want Linux? 

— SHAWN POWERS 


Wave Goodbye to E-mail? 

Late last year, getting a Google Wave invite 
was reminiscent of getting a Cabbage 
Patch Kid in 1983. It was the newest 
gizmo everyone just had to have. As a geek, 

I was one of the kids begging the loudest. 
Thankfully, 
one of our 
readers from 
across the 
pond (Paul 
Howard, 
thanks!) sent 
me an invite, 
and I cleared 
my schedule 
for the product that was going to change 
the way I communicate. Only, it didn't. 

I'll admit, some of the reasons are not 
Google's fault. First, off, it wasn't even in 
beta yet. I also didn't really have anything I 
wanted to communicate with anyone. Even 
with those two things in mind, I did expect it 
to be fun to experiment with. Quite frankly, 
it seemed more cumbersome than helpful. 

In watching the demonstrations on 
the Google Web site, it seems apparent 
Google Wave was designed to solve some 
problems we've all faced in e-mail. Where I 
think Google may have gone wrong, how¬ 
ever, is in trying to solve a problem with 
additional technology that really we've all 
learned to manage anyway. Sure, Google 
Wave allows conversations to take place in 
one section, so everyone can see what's 
going on, but we've all solved that years 
ago with "reply all" and "forward". Yes, 
Wave allows for embedded photos, videos 
and so on, but let's be honest, we've all 
been attaching files and/or links for years. 



Google Wave Screenshot 

So what do you think? Am I off-base 
with my assessment? Is Google Wave 
changing the way you communicate? If so, 
I'd love to hear about it. You'll have to send 
me an e-mail though, because even though 
I got my Google version of the Cabbage 
Patch Kid, mine is still in the box. 

— SHAWN POWERS 
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Debugging Rails 
Applications 

reuven m. lerner |f anc j w h en y 0U g e t stuck working on a Rails application, some of 
these techniques will help you identify and solve the problem more 
quickly than before. 



The past few months, I've covered a number of auto¬ 
mated testing systems available to Ruby programmers 
in general and Rails developers in particular. Automated 
testing, especially when you use it before and while 
you develop (as opposed to afterward) is a terrific way 
to improve the quality of your design, as well as the 
robustness of your code. Whether you practice TDD 
(test-driven development), BDD (behavior-driven 
development) or something similar to the two, your 
software is likely to have fewer bugs and be more 
maintainable than its untested counterparts. 

So, does that mean software written in this way 
has no bugs? Let's not be silly—of course it does. 
But, if you have been serious about testing, you 
are likely to have fewer bugs, and they may well 
be harder to detect and more subtle. 

If the bugs are smarter (or craftier), your 
debugging and testing tools need to be smarter 
too. Fortunately, as the Ruby language and the Rails 
framework for Web development have become 
increasingly popular, a number of talented devel¬ 
opers have stepped up to the plate, offering a 
variety of sophisticated tools that can help you 
identify and squash bugs as they occur. 

This month, I describe a few of the tools that I 
use when developing Web applications using Ruby 
on Rails. If and when you get stuck working on a 
Rails application you are developing, I hope some 
of these techniques will help you identify and solve 
the problem more quickly than before. 

Look at the Logfiles 

I'm a big fan of logfiles. When something goes 
wrong on my computer or in a program I've written, 
my first instinct is to check the logs. When I am 
teaching a class in Rails development, and people 
ask why their program doesn't work, my first 
response always is to ask them what the logfile 
says. It can be an invaluable starting point for 
debugging problems. 

Fortunately for me, the Rails core team also 
likes logfiles quite a bit. Each environment—and 
there are three by default, for development, test¬ 
ing and production—has its own logfile, named 


log/ENVIRONMENT.Iog, under the application's 
root directory. 

Just what is put into the logfile depends on the 
settings you have made. By default, the develop¬ 
ment logs include a great deal more detail than the 
production logs, showing you (among other things) 
the actual SQL queries that are being sent to the 
database. Each log message has a level associated 
with it, much as you might have seen in other 
logging systems, such as Apache or log4j. A logged 
message is written to the logfile only if it is at least 
as important as the current environment's minimum 
logfile priority (in increasing order of priority: 
debug, info, warn, error and fatal). Thus, a fatal 
log message always will be written to the log, 
while a debug message will be written only if 
the current environment's log level is debug. 

The logfile is useful in at least two ways. First, 
it allows you to see what is happening inside your 
program as it executes, particularly when something 
goes wrong. In the development environment, a 
fatal error will produce a stack trace in both the 
browser and in the logfile. But in the production 
environment, you probably don't want the world 
to see the internals of your code's flaws. For this 
reason, stack traces appear only in the production log, 
while the browser shows an error message. Tracing 
through a logfile is, as I stated earlier, my favorite 
way to figure out what is happening in a program. 

In addition to the stack backtrace, the logs 
(and particularly the development logs) contain 
a wealth of other information, as you can see 
from this short example: 

Processing ReviewController#view_one_review (for 74.212.146.115 
at 2009-11-10 09:25:55) [GET] 

Session ID: 9513bd79785b3d037804b45709alfl2c 
Parameters: {"id"=>"2567"} 

Rendering template within layouts/one-review.rhtml 
Rendering review/view_one_review 
Completed in 1400ms (View: 16, DB: 973) | 200 OK 
[http://example.com/book_reviews/view_one_review/2567] 

The first line shows the date and time when the 
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request was made, the controller and action that 
were invoked, and the URL (at the bottom of the 
log entry) that caused that controller and action 
to be invoked. It shows that the HTTP response 
code was (200, or "OK") and how long it took to 
execute, giving you a rough sense of how efficient 
a particular method might be. And, you even get 
a breakdown of how long the database and view 
each took, allowing you to focus your optimization 
strategy on the truly needy methods in your system. 

You also get the full list of parameters that were 
submitted to the controller action. This has been 
particularly useful to me on numerous occasions 
when I get calls from clients. Being able to look at 
the parameters that were submitted to the controller 
action allows me to test those precise parameters 
and trace their usage through the system. 

Finally, you can see which view templates were 
rendered. Especially on a site with a complicated 
set of views, it's often helpful to know just what is 
being invoked and displayed. 

In the development environment, you also will 
see things like this: 

Parameter Load (1.9ms) SELECT * FROM "parameters" 

WHERE ("parameters"."paramjiame" = E 1 Blocked IPs' 

AND "parameters"."param_group" = E'Restrictions') LIMIT 1 
PaymentMethod Load (2.0ms) SELECT * FROM "paymentjnethods" 

WHERE (disabled = false) ORDER BY payment_method_name 
State Load (6.5ms) SELECT * FROM "states" ORDER BY abbreviation 

In other words, you can see when objects are 
being initialized from the database and what 
queries are being used in order to do this. 

So far, I've shown how you can use the default 
output in Rails logfiles to find useful information 
about what your application is doing. But I often find 
it useful to write information to the logfile as well, 
indicating where I am in the code or that a particular 
task has been accomplished. For example, on a book¬ 
store application that I worked on with a complicated 
pricing algorithm, I would log each calculation in that 
pricing algorithm to the logfile. This would allow us 
to "replay" the algorithms as users saw them and 
double-check our work in a variety of ways. 

To log information to the Rails logs, simply 
use the logger object and send it a message 
corresponding to the log level you want to use. 
For example, if you want to know whether a 
product is in stock, you could say: 

logger.warn "Checking to see if ISBN '#{isbn}' is in stock." 
if Isbn.in_stock?(["isbn = ? ", isbn]) 
logger.warn "UYup, we have it!" 
end 

Such "chatty" logs might be slightly inefficient, 


but they make it easier to read (and follow) what is 
going on inside your program, on the occasions 
when you need to read the logs to debug problems. 
Remember, you are creating these logfiles knowing 
you will need to read them someday, and by making 
them as enjoyable, flowing and enlightening as possi¬ 
ble, you will make that experience far more pleasant. 

I tend to use the warn level for most things I write 
to the logs and use debug when I want something 
to appear only in the development logs. If I have to 
display a complex data structure, I often will display it 
using YAML, with the .to_yaml method. This makes 
it easier to understand structures, particularly when 
you're interested only in one or two of its attributes. 

I'm also a heavy user of tail -f on logfiles, 
which allows me to see the logfile as it grows. 
Combined with grep, this makes it possible to 
search for the occurrence of particular methods, 
values or anything else that might appear in 
the logfile. For example, you can look for every 
mention of a Person object with: 

tail -f log/development.log | grep Person 

If I want to peek at a value across many different 
invocations, I sometimes will put a special marker, 
such as the method name, in my logger call, by 
putting the following in a controller method: 

logger.warn " [interestingjnethod] The value is ’#{foo}'." 

Notice that I put single quotes around the value; 
this allows me to identify whitespace and empty 
strings more easily. I then can see whenever this 
code is invoked: 

tail -f log/development.log | grep interestingjnethod 

Although I most commonly look at the develop¬ 
ment log (while writing code) and the production 
log (on a running server), I also have found occasion 
to look at the testing log, which shows the results 
of running tests. (If you are testing with Cucumber, 
realize that it has its own environment and logfile.) 

Use the Console 

I have been using logfiles to assist me in debugging 
and development for years, starting long before I 
began to use Rails. But logfiles allow you to see 
only what has happened in the past, passively. One 
of the best tools in a Rails developer's toolbox is the 
console, an interactive command-line interface that 
allows you to query, execute and test commands 
and variable values. If you are familiar with Ruby's 
"irb" for interactive work, the console will be 
familiar to you. 

The console often is the first place that I write 
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any code. It puts you in a context similar to that of 
a controller, allowing you to talk to the database 
via ActiveRecord, creating (and modifying and 
destroying) objects and assigning them. 

For example, I often play around with associa¬ 
tions and named scopes within the console, testing 
that I easily can retrieve one object through another 
or retrieve a subset of objects using a method call. 
For example, if I have a Person object and a Vehicle 
object, I should be able to say Person.new.vehicles 
in the console and get the empty array. Or, I should 
be able to use a named scope to say Person.men, 
retrieving only the men from the database. 

I also use the console a great deal to test objects 
for validity. The valid? method for ActiveRecord 
objects, coupled with the save! method that raises 
an exception when a save goes wrong, allows me 
to test objects to see whether ActiveRecord believes 
they're valid, and why. For example, if I say: 

Person.new.save! 

I should get a list (not formatted beautifully, I admit) 
of the validations that have failed—generally indicating 
which attributes need to be set in order to save the 
person successfully. True, you always could invoke 
the errors method on an object after a failed save, 
but I find this to be faster and more obvious, which 
is precisely why I'm in the console. 

I often use the console to piece together the 
methods I am going to use or just to experiment with 
code that eventually will go into a class or module. 
If you modify a model definition while you're in the 
console, you need to reload models with: 

reload! 

so that the console will be synchronized with the 
current state of the source code. 

By default, the console operates in the develop¬ 
ment environment, so that when you write: 

. /script/console 

you are talking to the development database. 

I should note that there are a number of Ruby 
gems designed to improve the irb experience. 

One of these is wirble, which colorizes and other¬ 
wise improves the irb interface. I have been using 
it for a while and find it hard to use irb without 
its various improvements. 

A newer entry is looksee, which provides a 
new Ip (lookup path) method that shows each of 
the methods an object responds to, categorized 
and sorted as a list of ancestors. Using Ip has 
made it easier for me to know just which class or 
module definition I need to inspect to investigate 


a particular method. 

If you want to use the console for a production 
environment, which I often do when debugging 
problems on a production server, you will need to 
state the name of the environment explicitly: 

./script/console production 

I should add that recent versions of Rails include 
a similar command, dbconsole, which allows you 
to talk directly to the relational database for the 
environment to which you're connected. I often 
use dbconsole instead of typing mysql or psql 
(depending on the system I'm using). Flowever, it's 
important to remember that when you work in the 
Rails console, the objects are subject to validations 
and other integrity checks that are not present in 
your raw connection to the relational database. 

So for safety's sake, it's usually a good idea to do 
things through Ruby, rather than the database. 
(Although if your database supports transactions, 
you can get some element of safety by doing all 
modifications within a BEG IN-COM MIT block.) 

Debugger 

The console, of course, is good for testing code, but 
you cannot run your entire Rails application inside 
the console. There are times, however, when 
you wish you could drop into the console just for 
a portion of your Rails application to poke around 
inside it. True, you could use logging statements 
to write the current state of affairs to the logfile, 
but there's nothing like interactively exploring an 
application from the inside to give you a better 
feeling about how it is working (or not). 

The solution to this problem is the deceptively 
simple ruby-debug gem, which you can install (like 
all Ruby gems) by saying: 

sudo gem install ruby-debug 

You then need to include the gem. This typically 
is done in the development and/or test environment, 
but not in the production environment, for obvious 
reasons. Inside of config/environments/development.rb 
(or test.rb), you add: 

require 'ruby-debug' 

and you're set to go! 

Under most circumstances, ruby-debug will do 
absolutely nothing. It won't affect your code, execu¬ 
tion or anything else. But if you drop the method: 

debugger 

into your Rails application, the application will halt 
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when it gets to that line and will give you a true 
debugger, looking something like GDB. You get a 
few lines of context around the current line, you 
can print current values (or any other expression) 
with the p command, and you can move forward 
in the program on a line-by-line basis with the n 
command. Your Web browser, which presumably 
triggers the debugger when it invokes a particular 
controller action, will hang while you are using 
the debugger, stepping through the code and 
inspecting the environment. 

To explore things more fully, you can drop into 
irb at any time, getting another version of the Rails 
console. This is good when you want to do some¬ 
thing more than just examine variable values— 
exploring the database, for example, or drilling 
down into the innards of the system. 

Note that because of the nature of ruby-debug, 
it's really only practical for use with HTTP servers 
that you run in the foreground, such as WEBrick. 

But there's nothing stopping you from having two 
different application instances (one using Phusion 
and one using WEBrick) running in the same 
environment or working on the same database— 
just make sure to run them on different ports and 
be sure to keep track of multiple tabs that you 
might have open in your Web browser. 

I've only begun to use ruby-debug seriously in 
the past few months, and I'm already wondering 
how I ever got along without it. If nothing else, 
exploring my application from the inside gives me 
many insights that I would never have had other¬ 
wise, and it gives me a chance to look at things 
actively, rather than just using logfiles. 

Third-Party Options 

Finally, you might want to try one or both of the 
commercial Rails services that have sprung up, and 
which provide monitoring and notifications for 
Rails applications. I should make it clear that both 
of these are hosted by for-profit corporations, and 
that although they are offering free versions of 
their products, their ultimate goal is presumably 
to make money. 

New Relic RPM is a performance monitor that 
you install into your Rails application as a plugin. 
Every few minutes, the plugin reports your current 
application status back to New Relic's servers, 
where the data is then made available in an 
easy-to-understand format. New Relic's basic offering 
is free, and although it is much more limited than 
the commercial versions, I have found it to be highly 
useful in giving me a snapshot of the current system 
performance and bottlenecks. If and when your site 
brings in some money, it might be worthwhile to 
pay for one of New Relic's commercial products, 
which provide not only an indication of controller 


and server performance from the last 30 minutes, 
but also from the last few weeks, as well as more 
detailed analyses of memory, database and CPU 
use, among other things. 

Hoptoad, a service run by Thoughtbot, is similar 
to New Relic RPM, in that it has a free version as 
well as a commercial one. Hoptoad is similar to 
many notification systems, and it sends you e-mail 
when an exception occurs in your application. 
However, it keeps track of the entire stack trace 
and request context, and it also keeps a log of it on 
Hoptoad's Web site, keeping similar errors together. 
You also can indicate when you have resolved a 
problem, using it as a primitive sort of bug-tracking 
application. (Although I find it annoying that you 
receive e-mail only the first time a particular error 
manifests itself, until you mark it as resolved.) 
Hoptoad has made inroads into many Rails projects 
on which I have worked, and I have found it to be 
more reliable and easier to use on my projects than 
simpler exception-notification systems. 

Conclusion 

Debugging Web applications has never been easy, 
but the Ruby on Rails community has managed to 
create a set of useful and powerful tools that can 
make a big difference to average Web developers. 
Whether you are a new developer or an experi¬ 
enced one, having these tools in your toolbox 
can make you more effective at finding bugs and 
at getting your application, bug-free, out the 
door for your customers. ■ 


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) 
to their home in Modi’in. Israel, after four years in the Chicago area. 


Resources 


A good introduction to the whole subject of debug¬ 
ging in Rails is in the Rails Guides series, specifically 
the article on debugging: guides.rubyonrails.org/ 
debugging_rails_applications.html. 

A slightly out-of-date tutorial on ruby-debug, but one 
that is straightforward and easy to understand, is 
by Patrick Lenz at articles.sitepoint.com/article/ 
debug-rails-app-ruby-debug. 

Amy Hoy, as often is the case, has many 
entertaining and useful things to say on the 
subject: slash7.com/articles/2006/12/21/ 
secrets-of-the-rails-console-ninjas. 
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SXSW INTERACTIVE FESTIVAL: 
CONNECT, DISCOVER, INSPIRE 

Attracting digital creatives and new media 
entrepreneurs, the 16th annual South by 
Southwest (SXSW) Interactive Festival gives 
you both practical how-to information as well 
as unparalleled career inspiration. Attend this 
legendary gathering of the tribes to renew your 
link to the cutting edge. 

SCHEDULED 2010 SPEAKERS: 

danah boyd to deliver Opening Remarks 
Saturday, March 13, 2010 

Spotify's Daniel Ekto Keynote SXSW Interactive 
on Tuesday, March 16, 2010 

SCHEDULED 2010 PANELS 
INCLUDE: All About the Browser, Baby! • 

Can Wikipedia Survive Popular Success and 
Community Decline? • Design for the Dark Side • 
Engaging The Queer Community • From Trolls to 
Stars: The Commenter Ecosystem • Gary 
Vaynerchuk Presentation • History of the Button • 

I Don't Trust You One Stinking Bit • Jacks of All 
Trades or Masters of One? • Made It So (Interface 
Makers in Movies) • Offering Your Content in 
100 Languages • Paul Boag Presentation • 
Real-Time Everything: the Era of Communication 
Ubiquity • Selling Subculture Without Selling 
Out • Trials and Tribulations of the Pirate Bay • 
Unsexy & Profitable: Making $$ Without • Visual 
Note-Taking 101 • Web Framework Battle 
Royale • You Developed the Content — Now 
Build The Hardware 

For a complete list of currently confirmed 
sessions for the 2010 event go to: 

sxsw.com/interactive/talks/panels 

REGISTER TO ATTEND SXSW 
INTERACTIVE 2009 

Register before January 15, 2010 to receive the 
next early bird rate and get your choice of the best 
hotels available: sxsw.com/attend 
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WORK THE SHELL 


Parsing Your Twitter 
Stream 

dave taylor More WO rk on the Twitter response hot. 



Last month, we circled back to Twitter and started 
developing a shell script that lets you actually parse 
and respond to queries sent via Twitter. The idea 
was that if you were a store, for example, a tweet 
of "hours?" could be answered automatically with 
a response tweet of the store's hours—simple, but 
interesting nonetheless. 

We ended last month with a script that does 
quite a bit in just a few lines: 

#!/bin/sh 

curl="/usr/bin/curl -s" 

inurl="http://www. twitter.corti/statuses/mentions. xml" 
pw= 1 PasswordGoesHere 1 
temp="/tmp/$(basename $0).$$" 

trap "/bin/rm -f $temp" 0 1 9 15 # axe our temp file 

Scurl -u "davetaylor:$pw" Sinurl | \ 

grep -E 1 (<screen_name>|<text>) 1 | \ 
sed 's/@DaveTaylor //;s/ <text>//;s/<\/text>//' | \ 
sed 's/ <screen_name>//;s/<\/screen_name>//' | \ 

awk '{if (NR % 2 == 1) { printf ("msg=\"%s\"; ",$0) } 
else { print "id="$0 }}' > $temp 

while read buffer 
do 

eval Sbuffer 

echo Twitter user @$id sent message Smsg 
done < $temp 

exit 0 

(Unfortunately, it has to have the Twitter 
account password hard-coded, which I've 
obviously redacted here. You can see where 
I have "davetaylor" appear and can tweak this 
to match your own Twitter account.) 

This is a pretty tricky script, if I say so myself. 
Here you can see that we unwrap the XML sent by 
Twitter and use a complicated sequence of 


This is a pretty tricky script, 
if I say so myself. 


grep/sed/awk to turn it into two name=value pairs, 
instantiating msg and id. 

When I run the script, I see: 

Twitter user @TedWahler sent message That sounds like a 
very interesting article. When and where can I read 
&quot;When Not To Identify your Group Memberships&quot; Dave? 

Twitter user @naomimimi sent message i will send you some 
of my amazing restedness after sleeping for 20 hours 
yesterday. *bzzzt* feel better? :) 

Twitter user @GaryBloomer sent message RE: Song. Dave, 
don't know if you have an answer yet, but: Supertramp: 

If Everyone Was Listening 

A tiny tweak can show who sends you tweets 
(these are actually @ replies, which is what makes 
this work): simply change the echo in the final loop 
to just echo $id. 

Want to find those shortened URLs and compile 
a list? That's a tiny bit more tricky, but you can use 
tr and grep to do the heavy lifting: 

$ sh tweet-listen.sh | tr ' ' '\ 

> ' | grep 'http://' 

http://twurl.nl/bco8tq 
http://twurl.nl/bco8tq 
http://bit.ly/12PvjV 

Hey, someone must have retweeted or something 
for the same URL to show up twice! 

What we want to do though is look for a specific 
pattern within the stream, so let's do that instead. 

Looking for Patterns 

The easy way is to change the whi le read buffer 
loop to do the parsing: 

while read buffer 
do 

eval Sbuffer 

if [ "$msg" == "hours" ] ; then 
echo "Twitter user @$id asked what our hours are" 

elif [ "Smsg" = "address" ] ; then 
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echo "Twitter user @$id asked for our address" 

# else 

# echo Twitter user @$id sent message $msg 
fi 

done < $temp 

Armed with that (and with some cooperative 
Twitter pals), I can now run the script and find 
out that: 

Twitter user @MommyBrain asked for our address 
Twitter user @lizhamilton asked what our hours are 
Twitter user @valdezign asked what our hours are 
Twitter user @bgindra asked what our hours are 
Twitter user @MommyBrain asked what our hours are 

Coolness, eh? Now, let's answer. 

Responding to Tweet Queries 

From an earlier column "Pushing Your Message 
Out to Twitter" in the November 2008 issue of LJ 

(www.linuxjournal.com/article/10222), we have 
a script already lying around that lets you specify 


what message you'd like to send out on Twitter, so 
it's just a matter of assembling it properly: 

while read buffer 
do 

eval $buffer 

if [ "$msg" == "hours" ] ; then 
echo "Twitter user @$id asked what our hours are" 

$tweet "@$id our hours are Mon-Fri 9-5, Sat 10-4." 

elif [ "$msg" = "address" ] ; then 
echo "Twitter user @$id asked for our address" 

$tweet "@$id we're at 123 University Avenue, Anywhere USA" 
fi 

done < $temp 

In this instance, I'll repeat the earlier tweet script 
because it's both so succinct and so darn useful: 

#!/bin/sh 

# Twitter command line interface 
user="DaveTaylor" ; pass='PasswordGoesHere' 
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WORK THE SHELL 


Just like so much in the world of 
programming, things aren’t as easy 
as you’d like them to be. 


curl="/usr/bin/curl" 

$curl --silent --user "Suser:$pass" --data-ascii \ 

"status=$(echo $@ | tr ' ' \ 

"http://twitter.com/statuses/update.json" > /dev/null 

echo "(sent tweet $@)" 
exit 0 

The problem is a bit more complex than we've addressed 
so far, because when I asked people to send one-word 
queries, I also got things like "directions" and directions! 
rather than just the word by itself, unadorned by punctuation, 
quotation marks and so on. 

This is something well need to deal with in the script, so 
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we'll want to scrub the msg value to be just alphanumeric (or 
just alphabetic, if our set of canned response queries never 
includes a digit). This can be done with tr again, immediately 
after the eval $buffer statement: 

msg="$(echo $msg | tr -cd 1 [:alpha:] 1 )" 

That's not quite right. When we get "directions", it's 
actually with the quotes escaped by HTML so they're &quot; 
rather than just the 11 symbol. The result? quotdirectionsquot. 
Not good. 

Just like so much in the world of programming, things 
aren't as easy as you'd like them to be. Instead, we're going 
to have to strip out quotes manually as part of the scrubbing 
process. Now it looks like this: 

msg="$(echo $msg | sed ’s/\&quot;//g’ | tr -cd 1 [:alpha:] ’)" 

It's a bit more complicated, but not terribly so. 

The bigger issue is recognizing when we've already 
responded to a Twitter query to the bot. I'm sure no one's 
going to appreciate it if a query for "hours?" results in an 
answer every ten minutes for the next two weeks! 

There are two ways to address that particular problem, one 
of which is to add timestamps to each tweet and figure out 
when we last auto-responded, but that sounds suspiciously like 
work. Instead, we simply can remember the most recent tweet 
to which we responded, including user ID, and use that as the 
starting point for subsequent auto-response parsing efforts. 

I can't squeeze it in this month, but rest assured that 
next month we'll add this third piece and then talk about 
how to slip it into a cron job so that every N minutes our 
Twitter response bot answers any pending queries from 
the twitterverse.H 


Dave Taylor has been hacking shell scripts for a really long time. He’s the author of the 
popular Wicked Cool Shell Scripts and can be found on Twitter as @DaveTaylor and more 
generally at www.DaveTaylorOnline.com. 


Ask Dave Taylor iPhone App 

Dave Taylor's Ask Dave Taylor tech-support iPhone 
app is now available through the Apple iPhone app 
store for $0.99. 

It has 2,500+ tech-support questions and a lot 
of Linux and shell script answers—all in the palm of 
your hand. The app also includes Q&A articles on 
auctions, blogging, building Web site traffic and 
much more. Plus, "it's the first truly interactive tech- 
support application for the iPhone and for any 
mobile device anywhere on the planet". 

Be sure to check it out at www.askdavetaylor.com/app. 
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H Linux VPNs with 
OpenVPN 

mick bauer Connect safely to the mother ship with a Linux VPN. 


The other day, I was accompanying local IT security 
legend and excellent friend Bill Wurster on his last 
official "wireless LAN walkabout" prior to his retire¬ 
ment (it was his last day!), looking for unauthorized 
wireless access points in our company's downtown 
offices. As we strolled and scanned, we chatted, 
and besides recalling old times, battles won and lost, 
and one very colorful former manager, naturally we 
talked about wireless security. 

Bill, who has dedicated much of the past decade 
to wireless network security work in various capacities, 
reiterated something all of us in the security game 
have been saying for years: one of the very best 
things you can do to defend yourself when using 
someone else's WLAN is to use a Virtual Private 
Network (VPN) connection to connect back to some 
other, more trustworthy, network. 

You might think the main value of a VPN 
connection is to encrypt sensitive communications, 
and that's certainly very important. But if you make 
your VPN connection your default route and use 
your trusted network's DNS servers, Web proxies 
and other "infrastructure" systems to communicate 
back out to the Internet (for example, for Web surfing), 
you won't have to worry about DNS spoofing, 
Web-session hijacking or other entire categories 
of localized attacks you might otherwise be subject 
to on an untrusted LAN. 

For this reason, our employer requires us to use 
our corporate VLAN software any time we connect 
our corporate laptops to any WLAN "hotspot" or 
even to our personal/home WLANs. So, Bill asked 
me, why don't you write about making VLAN 
connections with Linux laptops? 

This isn't the first good idea Bill's given me (nor, 

I hope, is it the last). So this month, I begin a series 
on Linux VPNs, with special attention to OpenVPN. 
I'd like to dedicate this series to Bill Wurster, whose 
skill, creativity, enthusiasm and integrity have been 
such an inspiration not only to me but also to a 
couple generations of coworkers. Your warmth and 
wisdom will be sorely missed, Bill—here's wishing 
you a long, happy and fun retirement! 

VPN Basics 

Rather to my surprise, the overview of VPN 
technologies in general, and Linux VPN choices in 


specific, that I did in 2005 is still pretty current 
(see Resources for a link to this earlier article). If 
you find the overview I'm about to give to be 
too brief, I refer you to that piece. Here, though, 
is a brief introduction. 

To create a "Virtual Private Network" is to 
extend some private network—for example, your 
home Local Area Network (LAN) or your employer's 
Wide Area Network (WAN)—by connecting it to 
other networks or systems that aren't physically 
connected to it, using some sort of "virtual" 
(non-dedicated, non-persistent) network connection 
over network bandwidth not controlled or managed 
by you. In other words, a VPN uses a public 
network (most commonly the Internet) to 
connect private networks together. 

Because by definition a public network is one 
over which you have no real control, a VPN must 
allow for two things: unreliability and lack of 
security. The former quality is mainly handled by 
low-level error-correcting features of your VPN 
software. Security, however, is tricky. 

You must select a VPN product or platform that 
uses good security technologies in the first place 
(the world is filled with insecure VPN technologies), 
and you must furthermore enable those security 
features and resist the temptation to weaken them 
in order to improve VPN performance (which is ulti¬ 
mately futile anyhow, as Internet bandwidth is gen¬ 
erally slower and less reliable than other long-range 
network technologies, such as dedicated circuits). 

There are three categories of security we care 
about in this context: 

1. Authentication: is the computer or network device 
trying to connect to the trusted network an 
expected, authorized VPN endpoint? Conversely, 
am I, the VPN client, really connecting to my 
trusted network or has my connection request 
been redirected to some impostor site? 

2. Data integrity: is my connection truly usable only 
by me and my trusted network, or is it possible 
for some outsider to inject extraneous traffic into 
it or to tamper with legitimate traffic? 

3. Privacy: is it possible for an attacker to read data 
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contained in my VPN traffic? 

You may not need all three types of security. 
For example, if you're using a VPN connection to 
transfer large quantities of public or otherwise 
nonsensitive information, and are only using a 
VPN in the first place to tunnel some not-normally- 
IP-routable protocol, you might consider a "null- 
encryption" VPN tunnel. But even in that case, 
you should ask yourself, what would happen if 
an attacker inserted or altered data in these 
transactions? What would happen if an attacker 
initiated a bogus connection altogether? 

Luckily, some VPN protocols, such as IPsec, 
allow you to "mix and match" between features 
that address different security controls. You can, for 
example, use strong authentication and crypto¬ 
graphic error/integrity-checking of all data without 
actually encrypting the tunnel. In most situations, 
however, the smart thing to do is leverage good 
authentication, integrity and privacy (encryption) 
controls. The remainder of this series assumes you 
need all three of these. 

There are two common usage scenarios for 


VPNs: "site-to-site" and "remote-access". In a 
site-to-site VPN, two networks are connected by an 
encrypted "tunnel" whose endpoints are routers 
or servers acting as gateways for their respective 
networks. Typically, such a VPN tunnel is "nailed" 

(or "persistent")—once established, it's maintained 
as an always-available, transparent route between 
the two networks that end users aren't even aware 
of, in the same way as a WAN circuit, such as a T1 
or Frame Relay connection. 

In contrast, each tunnel in a remote-access VPN 
solution connects a single user's system to the trusted 
network. Typically, remote-access VPN tunnels are 
dynamically established and broken as needed. For 
example, when I work from home, I establish a VPN 
tunnel from my company's laptop to the corporate 
VPN concentrator. Once my tunnel's up, I can reach 
the same network resources as when I'm in the 
office; with respect to computing, from that point 
onward I can work as normal. Then at the end of 
the day, when it's time to shut down my machine, 

I first close my VPN tunnel. 

For site-to-site VPNs, the endpoints are typically 
routers. All modern router platforms support VPN 
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protocols, such as IPsec. Establishing and breaking 
VPN tunnels, however, can be computationally 
expensive—that is, resource-consuming. 

For this reason, if you need to terminate a lot 
of site-to-site tunnels on a single endpoint (for 
example, a router in your data center connecting 
to numerous sales offices), or if you need to support 
many remote-access VPN clients, you'll generally 
need a dedicated VPN concentrator. This can take 
the form of a router with a crypto-accelerator circuit 
board or a device designed entirely for this purpose 
(which is likely to have crypto-accelerator hardware 
in the form of onboard ASICs). 

A number of tunneling protocols are used for 
Internet VPNs. IPsec is an open standard that 
adds security headers to the IPv4 standard (techni¬ 
cally it's a back-port of IPv6's security features to 
IPv4), and it allows you either to authenticate and 


integrity-check an IPv4 stream "in place" (with¬ 
out creating a tunnel per se) or to encapsulate 
entire packets within the payloads of a new IPv4 
stream. These are called Authentication Header 
(AH) mode and Encapsulating Security Payload 
(ESP) mode, respectively. 

Microsoft's Point-to-Point Tunneling Protocol 
(PPTP) is another popular VPN protocol. Unlike 
IPsec, which can be used only to protect IP traffic, 
PPTP can encapsulate non-IP protocols, such as 
Microsoft NETBIOS. PPTP has a long history of 
security vulnerabilities. 

Two other protocols are worth mentioning 
here. SSL-VPN is less a protocol than a category of 
products. It involves encapsulating application traffic 
within standard HTTPS traffic, and different vendors 
achieve this in different (proprietary) ways. SSL-VPN, 
which usually is used in remote-access solutions. 


2009: a Bad Year for SSL/TLS? 


OpenVPN depends on OpenSSL, a free imple¬ 
mentation of the SSL and TLS protocols, for its 
cryptographic functions. But SSL/TLS has had a 
bad year with respect to security vulnerabilities. 
First, back in February 2009, Moxie Marlinspike 
and others began demonstrating man-in-the- 
middle attacks that could be used to intercept 
SSL/TLS-encrypted Web sessions by "stripping" 
SSL/TLS encryption from HTTPS sessions. 

These are largely localized attacks—in practice, the 
attacker usually needs to be on the same LAN as 
(or not very far upstream of) the victim—and they 
depend on end users not noticing that their HTTPS 
sessions have reverted to HTTP. The NULL-prefix 
man-in-the-middle attack that Marlinspike and Dan 
Kaminsky subsequently (separately) demonstrated 
that summer was more worrisome. It exploited 
problems in X.509 and in Firefox that made it 
possible for an attacker essentially to proxy an HTTPS 
session, breaking the encryption in the middle, in a 
way that allows the attacker to eavesdrop on (and 
meddle with) HTTPS traffic in a way that is much 
harder for end users to notice or detect. 

But, that wasn't all for 2009 (which isn't even finished 
yet, as I write this). In November, security researchers 
uncovered problems with how the SSL/TLS protocol 
handles session state. These problems at least 
theoretically allow an attacker not only to eavesdrop 
on but also inject data into SSL/TLS-encrypted data 
streams. Although the effects of this attack appeared 


similar to those of the NULL-prefix attack, the latter 
involved client/browser-side X.509 certificate-handling 
functions that were browser/platform-specific and 
didn't involve any server-side code. 

In contrast, the November revelation involved 
actual flaws in the SSL/TLS protocol itself, whether 
implemented in Web browsers, Web servers or 
anything else using SSL/TLS. Accordingly, applica¬ 
tion or platform-specific patches couldn't help. 

The SSL/TLS specifications themselves, and all 
implementations of it (mainly in the form of 
libraries such as OpenSSL), had to be changed. 

That's the bad news. OpenVPN depends on protocols 
that have been under intense fire lately. The good 
news is, because e-commerce, on-line banking 
and scores of other critical Internet applications 
do as well, at the time of this writing, the IETF 
has responded very rapidly to make the necessary 
revisions to the SSL/TLS protocol specifications, 
and major vendors and other SSL/TLS implementers 
appear to be poised to update their SSL/TLS libraries 
accordingly. Hopefully, by the time you read this, 
that particular issue will have been resolved. 

Obviously, by even publishing this article, I'm 
betting on the continued viability of SSL/TLS 
and, therefore, of OpenVPN. But, I'd be out of 
character if I didn't speak frankly of these problems! 
You can find links to more information on these 
SSL/TLS issues in the Resources section. 
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typically allows clients to use an ordinary Web browser to 
connect to an SSL-VPN gateway device. Once authenticated, 
the user is presented with a Web page consisting of links to 
specific services on specific servers on the home network. 

How, you might ask, is that different from connecting to a 
"reverse" Web proxy that's been configured to authenticate 
all external users? For Web traffic, most SSL-VPN products 
do, in fact, behave like standard Web proxies. The magic, 
however, comes into play with non-HTTP-based applications, 
such as Outlook/Exchange, Terminal Services, Secure Shell 
and so forth. 

For non-HTTP-based applications, the SSL-VPN gateway 
either must interact with a dedicated client application (a 
"thick" client) or it must push some sort of applet to the user's 
Web browser. Some SSL-VPN products support both browser- 
only access and thick-client access. Others support only one or 
the other. 

Thick-client-only SSL-VPN, unlike browser-accessible, can 
be used to encapsulate an entire network stream, not just 
individual applications' traffic. In common parlance though, 
the term SSL-VPN usually connotes browser clients. 

And, that brings us to the subject of the remainder of 
this month's column and the exclusive focus of the next few 
columns: other SSL-based VPNs. As I just implied, it's possible 
to encrypt an entire network stream into an SSL session, for 
the same reason it's possible to stream audio, video, remote 
desktop sessions and all the other things we use our browsers 
for nowadays. 

OpenVPN is a free, open-source VPN solution that 
achieves this very thing, using its own daemon and client 
software. Like PPTP, it can tunnel not only IP traffic, but also 
lower-level, non-IP-based protocols, such as NETBIOS. Like 
IPsec, it uses well-scrutinized, well-trusted implementations 
of standard, open cryptographic algorithms and protocols. 

I explain how, in more detail, shortly. But for overview 
purposes, suffice it to say that OpenVPN represents a class 
of encapsulating SSL/TLS-based VPN tools and is one of the 
better examples thereof. 

Some Linux VPN Choices 

Nowadays, a number of good VPN solutions exist for Linux. 
Some commercial products, of course, release Linux versions 
of their proprietary VPN client software (so many more than 
when I began this column in 2000!). 

In the IPsec space, there are Openswan, which spun 
off of the FreeSA/VAN project shortly before the latter ended; 
Strongswan, another FreeSA/VAN spin-off; and NETKEY 
(descended from BSD's KAME), which is an official part of the 
Linux 2.6 kernel and is controlled by userspace tools provided 
by the ipsec-tools package. All of these represent IPsec 
implementations for the Linux kernel. Because IPsec is an 
extension of the IPv4 protocol, any IPsec implementation 
on any operating system must be integrated into its kernel. 

vpnc is an open-source Linux client for connecting to 
Cisco VPN servers (in the form of Cisco routers, Cisco ASA 
firewalls and so forth). It also works with Juniper/Netscreen 
VPN servers. 
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1TB Storage Installed. Max - 3TB. 

Intel Dual core 5030 CPU (Qty.l), Max-2 CPUs 
1GB 667MGZ FBDIMMs Installed. 

Supports 16GB FBDIMM. 

4X250GB htswap SATA-II Drives Installed. 

4 port SATA-II RAID controller. 

2X10/100/1000 LAN onboard. 


2U Server-ASA2121i 

4TB Storage Installed. Max - 12 TB. 

- Intel Dual core 5050 CPU. 

- 1GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

-16 port SATA-II RAID controller. 

- 16X250GB htswap SATA-II Drives Installed. 
-2X10/100/1000 LAN onboard. 

-800w Red PS. 




3U Server-ASA3161i 

- 4TB Storage Installed. Max - 12T8. 

- Intel Dual core 5050 CPU. 

- 1GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

-16 port SATA-II RAID controller. 

- 16X250GB htswap SATA-II Drives Installed. 

- 2X10/100/1000 LAN onboard. 

- 800w Red PS. 


5U Server-ASA5241i 

- 6TB Storage Installed. Max - 18TB. 

- Intel Dual core 5050 CPU. 

- 4GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

- 24X250GB htswap SATA-II Drives Installed. 
24 port SATA-II RAID. CARD/BBU. 

-2X10/100/1000 LAN onboard. 

- 930w Red PS. 



8U Server-ASA8421i 

- 10TB Storage Installed. Max - 30TB. 

- Intel Dual core 5050 CPU. 

- Quantity 42 Installed. 

- 1GB 667MGZ FBDIMMS. 

- Supports 32GB FBDIMM. 

- 40X250GB htswap SATA-II Drives Installed. 

- 2X12 Port SATA-II Multllane RAID controller. 

- 1X16 Port SATA-ll Multllane RAID controller. 

- 2X10/100/1000 LAN onboard. 

- 1300 W Red Ps. 


All systems Installed and tested with user's choice at Linux 
distribution (freel. ASA Collocation—$75 per month 
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PARANOID PENGUIN 


Although I don't recommend either due to 
PPTP's security design flaws, PPTP-linux and Poptop 
provide client and server applications, respectively, 
for Microsoft's PPTP protocol. Think it's just me? Both 
PPTP-linux's and Poptop's maintainers recommend 
that you not use PPTP unless you have no choice! 
(See Resources for links to the PPTP-linux and 
Poptop home pages.) 

And, of course, there's OpenVPN, which 
provides both client and server support for 
SSL/TLS-based VPN tunnels, for both site-to-site 
and remote-access use. 

Introduction to OpenVPN 

All the non-PPTP Linux VPN tools I just mentioned 
are secure and stable. I focus on OpenVPN for the 
rest of this series, however, for two reasons. First, 
I've never covered OpenVPN here in any depth, but 
its growing popularity and reputation for security 
and stability are such that the time is ripe for me to 
cover it now. 

Second, OpenVPN is much simpler than IPsec. 
IPsec, especially IPsec on Linux in either the client 
or server context, can be very complicated and 
confusing. In contrast, OpenVPN is easier to 
understand, get working and maintain. 

Among the reasons OpenVPN is simpler is that it 
doesn't operate at the kernel level, other than using 
the kernel's tun and tap devices (which are compiled 
in the default kernels of most mainstream Linux 
distributions). OpenVPN itself, whether run as a VPN 
server or client, is strictly a userspace program. 

In fact, OpenVPN is composed of exactly one 
userspace program, openvpn, that can be used 
either as a server daemon for VPN clients to connect 
to or as a client process that connects to some 
other OpenVPN server. Like stunnel, another tool 
that uses SSL/TLS to encapsulate application traffic, 
the openssl daemon uses OpenSSL, which nowadays 
is installed by default on most Linux systems, for its 
cryptographic functions. 

OpenVPN, by the way, is not strictly a Linux tool. 
Versions also are available for Windows, Solaris, 
FreeBSD, NetBSD, OpenBSD and Mac OS X. 

Getting OpenVPN 

OpenVPN is already a standard part of many Linux 
distributions. Ubuntu, Debian, SUSE and Fedora, 
for example, each has its own "openvpn" package. 
To install OpenVPN on your distribution of choice, 
chances are all you'll need to do is run your 
distribution's package manager. 

If your distribution lacks its own OpenVPN 
package, however, you can download the latest 
source code package from www.openvpn.net. 
This package includes instructions for compiling 
and installing OpenVPN from source code. 


Conclusion 

Now that you've got some idea of the uses of VPN, 
different protocols that can be used to build VPN 
tunnels, different Linux tools available in this space 
and some of the merits of OpenVPN, we're ready 
to roll up our sleeves and get OpenVPN running in 
both server and client configurations, in either 
"bridging" or "routing" mode. 

But, that will have to wait until next month— 
I'm out of space for now. I hope I've whetted your 
appetite. Until next time, be safe! ■ 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for 
one of the US’s largest banks. He is the author of the O’Reilly book Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linux), 
an occasional presenter at information security conferences and composer 
of the “Network Engineering Polka”. 


Resources 


Mick Bauer's Paranoid Penguin, January 2005, "Linux VPN 
Technologies": www.linuxjournal.com/article/7881 

Wikipedia's Entry for IPsec: en.wikipedia.org/wiki/IPsec 

Home Page for Openswan, an IPsec Implementation 
for Linux Kernels: en.wikipedia.org/wiki/IPsec 

Home Page for Strongswan, Another Linux IPsec 
Implementation: www.strongswan.org 

Home Page for pptp-linux (not recommended): 

pptpclient.sourceforge.net 

Poptop, the PPTP Server for Linux (not recommended): 

poptop.sourceforge.net/dox 

Tools and Papers Related to Moxie Marlinspike's SSL 
Attacks (and Others): www.thoughtcrime.org/ 
software.html 

"Major SSL Flaw Find Prompts Protocol Update", 
by Kelly Jackson Higgins, DarkReading: 

www.darkreading.com/security/vulnerabilities/ 

showArticle.jhtml?articlelD=221600523 

Official OpenVPN Home Page: www.openvpn.net 

Ubuntu Community OpenVPN Page: 

https://help.ubuntu.com/community/OpenVPN 

Charlie Hosner's "SSL VPNs and OpenVPN: A lot of 
lies and a shred of truth": www.linux.com/archive/ 
feature/48330 
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HACK AND / 


Make a Local Mutt Mail 
Server 

kyle rankin Mail server configuration doesn’t have to require pages of text files, five 

manuals and a team of system administrators. If you just need to relay 
mail from your local mutt client, it’ll take a few minutes and a few short 
lines in a Postfix config. 



I talk about mutt a lot in this column, if you 
hadn't noticed. For me, in this day and age of 
large graphical mail programs and Web-based 
mail applications, you still can't beat the speed, 
power and customization of mutt. Let's also not 
forget the vi-style keybindings—I love those. 

One thing you might notice the first time you 
use mutt, however, is that it is strictly a MUA 
(Mail User Agent) and not an MTA (Mail Transfer 
Agent). This means mutt is concerned only with 
acting as an e-mail client and doesn't actually 
contain any code to communicate with remote 
mail servers. That job is done by an MTA. 
Although many mail clients also include code 
so they can relay mail through an MTA, mutt 
opts to use the system's own local mail server. 
Traditionally, this hasn't been an issue on Linux, 
as most Linux servers have had some mail server 
installed and set up. These days, however, you 
might not have a fully configured mail server on 
your desktop install. That's okay though, because 
in this column, you'll see how simple it is to set 
up your own local mail server, thanks to Postfix. 

Even if you don't use mutt, there are many 
advantages to having your own local mail server, 
if only to relay mail for you. For one, it can 
handle spooling all of your e-mail and will retry 
delivery automatically if it fails for some reason 
or another (such as if your wireless connection 
drops or you close your laptop) without having 
to leave your mail program open. For another, 
once you have your mail server set up how you 
want it, any other mail client on your computer 
can take advantage of it: simply point your client 
to localhost. 

The Mail Server Holy War 

A number of different mail servers are available 
for Linux these days, each with its own set of 
advantages and disadvantages. Many holy wars 
have been fought over Sendmail vs. Postfix vs. 
Exim vs. using Telnet to connect directly to 
port 25 on a mail server and type in raw SMTP 


commands. I've tried them all over the years (yes, 
even Telnet), and for me, Postfix has the best 
balance between stable performance, security and 
most important, simple configuration files. So for 
this column, I discuss the specific steps for setting 
up Postfix as a mail relay. 

The first step is to install the Postfix server 
itself. On most distributions, you'll find this 
package is split up into a main Postfix package 
plus a few extra packages that provide specific 
features, such as MySQL or LDAP integration. 
Because we are just setting up a basic mail 
relay here, all we really need is the main Postfix 
package. Now, if you install this package on a 
Debian-based system, you will be prompted by 
the post-install script that acts as a wizard to set 
up Postfix for you. If you want, you simply can 
walk through the wizard and pick "Internet Site" 
to send e-mail out directly to the rest of the 
Internet or choose "Internet with smarthost" 
to relay all of your mail through a second mail 
server (perhaps provided by your ISP) first. Either 
way, you will be asked a few simple questions, 
and at the end, you'll have a basic Postfix 
configuration ready to use. 

On other systems (or if you choose "No 
configuration" on a Debian-based system), you 
might end up with an empty or very heavily com¬ 
mented Postfix configuration file at/etc/postfix/main.cf. 
What you'll find is that for a basic mail server, 
you really need only a few lines in your config. 
Postfix picks pretty sane and secure defaults, so 
if you want it to deliver mail on your behalf, you 
need only a few lines: 

mynetworks = 127.0.0.0/8 
i net_i interfaces = loopback-only 

Yes, that's basically it. Now, simply restart Postfix 
with /etc/ i ni t. d/ postfix restart, and your 
mail server will be up and running. With the sane 
defaults in Postfix, you just need to hard-code those 
two settings to ensure that Postfix accepts mail only 
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on localhost. The inetjnterfaces line tells Postfix to 
listen only on the localhost address for e-mail so no 
clients can connect to your server from the outside. 
The mynetworks line adds to that security and 
tells Postfix to allow only mail from localhost to 
be relayed through the server. 

The Pesky Port 25 Problem 

It used to be that the above was all you needed for 
a functioning mail server on the Internet. With the 
rise of spam measures and countermeasures, how¬ 
ever, these days, fewer and fewer ISPs are willing to 
allow port 25 traffic from clients through to the 
outside world. Even if they do, many mail servers on 
the Net won't accept traffic from hosts inside ISP 
networks. If you find yourself on such a network, 
you likely will need to add a relay host to your 
main.cf. The relay host is a mail server usually pro¬ 
vided by your ISP through which your mail server 
can send e-mail. If you were setting up a client like 
Thunderbird, for instance, this would be the SMTP 
server you would configure for it. 

To set up a generic relay host in Postfix, just add: 


relayhost = fnail.somedomain.net 


to your/etc/postfix/main.cf. Replace 
mai 1. somedomai n . net with the hostname of 
your ISP's relay host. Once you modify the file, 
simply type postfix reload as the root user 
to enable the new settings. 

SMTP AUTH 

Of course, some mail servers won't just let anyone 
on their network relay through them (and rightly 
so). In that case, usually they require that everyone 
authenticate with them first. This takes a few extra 
steps with Postfix, but like with everything else, it's 
still not very difficult. First, add the following lines 
to the /etc/postfix/main.cf: 


smtp_sasl_auth_enable = yes 

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
smtp_sasl_security_options = noanonymous 


ideal, but you can at least make sure that only root 
can read the file. As the root user, type: 

# chown root:root /etc/postfix/sasl_password 

# chmod 600 /etc/postfix/sasl_passwd 

Postfix actually doesn't read this file directly; 
instead, it reads a hash database created from this 
file. To create the file, run: 

# postmap /etc/postfix/sasl_passwd 

And, you will see that a new file, 

/etc/postfix/sasl_passwd.db, has been created. You'll 
need to run the postmap command any time you 
modify the /etc/postfix/sasl_passwd file. Now, reload 
Postfix one final time, and mutt should be able to 
relay mail through your local host. If you want to 
perform a quick test without mutt, you can type: 

echo test | mail -s "test" user@remotehost 

and it will send an e-mail message with a subject 
and body of "test" to the user you specify. 

Postfix's logfile might vary a bit, depending on 
your system, but you should be able to find it in 

Even if you don’t use mutt, there are many 
advantages to having your own local 
mail server, if only to relay mail for you. 

/var/log/mail.log or/var/log/maillog. That's the first 
place you should look if you find that some mail is 
not being delivered. The second place to look is the 
mailq command. That command will give you a 
quick status of all e-mail that is currently in the local 
spool along with its status. If all of your mail has 
been delivered successfully to other hosts, the 
output will look something like this: 

$ mailq 

Mail queue is empty 


This tells postfix to enable SMTP authentication 
and tells it to look in /etc/postfix/sasl_passwd for 
logins and passwords to use for hosts. The next 
step is to create the /etc/postfix/sasl_passwd file. If 
I wanted to log in to mail.somedomain.net with the 
user name kyle and the password muttrules, I would 
put the following line in the file: 

mail.somedomain.net kyle:muttrules 

There is a downside to this in that the password 
for the account is now in clear text. That's less than 


It's truly that simple. Of course, mail server 
administration definitely can become more complex 
than this when you want to do more than relay 
your own personal e-mail. But, it's good to know 
that simple configurations like the above are 
possible. If you are like me, saving time on the 
Postfix configuration just gives you extra time 
to tweak your mutt config.B 


Kyle Rankin is a Systems Architect in the San Francisco Bay Area and the author of 
a number of books, including The Official Ubuntu Server Book, Knoppix Hacks and 
Ubuntu Hacks. He is currently the president of the North Bay Linux Users’ Group. 
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A Desktop for Our 
Little Penguin 


DIRK ELMENDORF ,, , , , , , ... 

How to make the perfect desktop for young kids. 


The theme for this month's issue is the desktop, 
and when I sat down to write this article, I was 
going to focus on bringing the cloud to your 
desktop. A number of services exist, and I figured 
one of them would help me solve a problem that 
has gotten more troublesome of late—keeping all 
my workstations in sync. But, in the process of 
doing my research, a more pressing desktop 
problem came up. His name is Max. 

Max is my son. He is only 15 months old, but he 
already has become a technology-seeking missile. 

No remote is safe. Any keyboard or mouse within 
reach is explored. This probably is a combination of 
mimicry, since I spend a lot of time with a mouse or 
remote in my hand, and his excitement over cause 
and effect. As the IT person in the house, I would 
prefer it that my users not bang on the keyboards 
until something bad happens. As a parent and Linux 
fan, I am happy for him to explore technology in 
whatever way he chooses—especially because I am 
in the golden time before I have to worry about 
what he is searching for on Google. 

What started as a "crazy" idea came together 
pretty quickly. A quick scan of the inventory in my 
office turned up an old file server that was no 
longer being used. It is not very powerful, but Max 
did not need more than a "computer". I found a 
CD-ROM drive and installed it. The computer 
Figure 1. Crayola already had a network card (yes, it is so old, there 

Keyboard and was no onboard NIC) and integrated sound. I pulled 

Colby T-Rex Mouse out an old 17 11 monitor and some speakers. That 



just left a mouse, keyboard and desk. 

My wife already had gotten Max a keyboard. It 
was supposed to be for Christmas, but in the name 
of turning in my article in time, I opened it a few 
months early. It is a Crayola keyboard. The keys are 
big and brightly colored. It has no function keys 
(which means Max cannot get to the terminals). For 
a mouse, I picked up a Colby T-Rex mouse, which 
claims to be specially designed for the way little kids 
click. Originally, I was a little worried Max constantly 
would pick up the mouse to stare at the red light, 
but that did not seem to interest him. 

The last piece of the puzzle was the desk. I 
measured Max and found that he needed a desk at 
about 22 11 tall if he was standing when he used the 
computer. I use a standing desk from GeekDesk. So, 
it seemed to make sense to have him stand as well— 
both because it is better for you and also because 
it means I won't be tripping over a tiny chair in my 
office. A quick trip to Wal-Mart turned up a computer 
stand. It was built out of particle wood and plastic 
tubes—not the best piece of furniture in the world, 
but I was able to find a combination of plastic tubes 
that gave it exactly the right height. As a bonus, I have 
tubes left over, so we can raise the desk as he grows. 

Now that his workstation was assembled, it was 
time to get to the installing portion of the show. 
After some quick research on Google, I turned 
up three possibilities for his OS. 

Sugar Learning Platform 

The Sugar Learning Platform was the system 
originally developed for the One Laptop per Child 
Netbook. I was interested in this one because it is 
specifically designed for learning. The developers 
spent a lot of time rethinking how everything works 
so that it would reinforce that goal. Besides, like 
most people, I had seen only screenshots. It seemed 
like this was my best opportunity to use it for an 
actual purpose. Sugar is now based on Fedora as its 
base OS. You even can download a version to run 
off a USB thumbdrive. I downloaded and installed 
the Strawberry release onto a thumbdrive. 

Edubuntu 

Edubuntu is a branch of Ubuntu. This version is 


36 | february2010 www.linuxjournal.com 






focused on building an "educational" operating 
system, and it seems to have two different goals. 
The first is to group software in age-appropriate 
bundles. The second is to make it easy to administer 
computer labs running Ubuntu. I was more interested 
in the bundles than the administration. Originally, 
Edubuntu provided a full ISO for you to download 
and install. Currently, it offers another option. You 
simply can add on Edubuntu bundles to an existing 
Ubuntu install, which meant I could just use one of 
the Ubuntu CDs I already had lying around. 

Qimo 

Qimo (as in esQIMO) is a kid-specific distribution, 
also based on Ubuntu. It seemed to be more 
focused on the desktop portion than Edubuntu. For 
example, during the install process, you create a user 
account. That user is given full administration rights 
(aka access to sudo). Another user, qimo, also is 
created, qimo does not have a password and does 
not have sudo—meaning that when you boot up 
the machine, the user account the child is using can 
run applications but cannot make any modifications 
to the system. Qimo uses the Xfce desktop environ¬ 
ment, so it should be less resource-hungry (which 
is important as I am putting it on old equipment). 
Qimo also has a very cute kid-style Eskimo theme. 


information about an account on the system. I 
clicked Auto login, because I assumed it was silly to 
make Max log in. That turned out to be a mistake. 

Because the system was set to log in as me, it 
would not log in as the qimo user. 

Now I had all three ready for testing. As they say in 
the UK, things went pear-shaped. I have only two USB 
ports on the workstation, and they are used up by the 
keyboard and mouse. That left me nowhere to plug in 
the Sugar thumbdrive. I booted up Karmic, and in the 
process of trying to add Qimo as a boot option, I went 
down the path of upgrading to GRUB2. In the process, 

I blew up my ability to boot anything. 

That basically wasted an entire afternoon. This 
was all meant to be a project to introduce my son 
to the wonderful world of Linux—not an exercise 
in hair pulling. I took a step back and looked at the 
Sugar Web site to see if there was another way to 
run it. Then, everything clicked into place. Sure, these 
are different "products", but they still are open- 
source software. Everything I was working on was a 

Max does well, but I think it will be a 
little while before I have him navigate 
to different menus to find Tux Paint. 


Installation Day 

I already had the Sugar thumbdrive, so I moved on 
to getting the other two installed. My goal was to 
have a run-off. I would install all three and play with 
them. Once I got comfortable, I would unleash Max 
on each and see which one was the winner. 

I installed Jaunty (9.04) onto the computer. I also 
partitioned the drive into three different parts. That 
way, I could install each OS on its own partition. 
Once the install was complete, Ubuntu reminded 
me that Karmic (9.10) had been released. I decided 
to upgrade to Karmic, as the Edubuntu site said 
it supported it. After a long wait, everything was 
installed. Then, I added on the Edubuntu package: 

sudo apt-get install ubuntu-edu-preschool 

It installed without any problems. The only issue 
was it did not change anything about the look and 
feel of the system. Max does well, but I think it 
will be a little while before I have him navigate to 
different menus to find Tux Paint. 

Undeterred, I went through the install process 
for Qimo. Again, things were very straightforward, 
but I made two mistakes in this portion. I did not 
install a bootloader. I figured I'd let the GRUB2 
installed in Karmic handle the booting. (It turns out 
I should have installed it just to have easy GRUB 
menu files to crib from.) Second, I filled out the 


package at some point. So, rather than thinking 
of it as "here are three choices, pick one", I 
decided to install Qimo as the base, and then 
put Edubuntu and Sugar on top. That meant 
I could play with all of it. 

Installation, Take Two 

I installed Qimo again. This time, I had it take over the 
entire drive. I also left the Auto login box unchecked. 
As I started poking around, I found that Qimo actually 
is based on Intrepid (8.10). I decided to use the 
onboard Ubuntu tools to upgrade it to Jaunty, so 
that it would be easier to bring in Edubuntu and 
Sugar, which was a very straightforward process. 
The only issue I ran into was with the custom GDM 
configuration file. I ended up hand-merging the 
original version from Qimo with the new one. 

Once it was up and running, I added the Edubuntu 
package. Because it is available as a single package, it 
didn't take very long. So, that just left Sugar. 

There are some known issues with Sugar 
and Jaunty. The Sugar Wiki pointed me to a 
PPA (personal package archive). I added 
https://launchpad.net/~alsroot/-Farchive/ppa to 
my sources.list. Then, I authorized the archive 
by adding its signing key: 

sudo apt-key adv --keyserver keyserver.ubuntu.com 
^--recv-keys F265806A9BFFF0F4 
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Figure 2. Max at I had to remove a package that caused a conflict 

His Workstation— and then was able to install Sugar: 

Pre-Cable Cleanup 

apt-get remove etoys-doc 
apt-get install sugar-platform 

To run Sugar, you run sugar-emulator. I played 
with it briefly. There were two problems. One, the 
version I installed seemed to need other things 
installed to get it to do anything. The second issue 
was even bigger than the first. The Sugar environ¬ 
ment expects to be the desktop. That means it 
would like to take over the mouse and the display. 

It seems like it has potential, but it adds too much 
complexity for what I was trying to do for Max. 

Next up, I added an MP3 player (Max loves to 
play music) and the Flash plugin. It turns out every 
kid Web site I could find requires Flash to see or do 
anything. I added links to his favorite Web sites to 
the desktop. I modified the display a little. I doubled 
the size of the mouse cursor and expanded the space 
between launchers on the main panel. Just to make 
things a little more solid, I zip-tied the mouse and 
keyboard so they can move, but not be removed. I 
contemplated setting up an auto off/on using Wake 
on LAN, but decided Max needs some more time 
before he can use his workstation unsupervised. 

Once all that was done, I turned it over to Max. 
He played with Tux Paint for a little while. I turned 
on Proton Radio in the background for him, which 
he really likes. After a short time of moving the 
mouse, he anchored himself to the keyboard. Much 
like his father, he seems to prefer the keyboard as 
his input device of choice. 


Conclusions 

There is a lot of software out there for kids—serious 
typing tutors, counting and shapes helpers, and 
even a Mr Potato Head simulator (KTuberling). The 
craziest thing I saw was eToys, which is a Smalltalk 
environment for teaching kids programming. It is 
way beyond what I learned in Logo as a kid. 

Max's first "computer" was my Chumby. He 
spent a lot of time looking at LOLcats on there. 
Plus, because the Chumby has a built-in slideshow 
for all of the content, Max constantly would get 
new stuff, even if he was just looking at the 
Chumby. That kind of interface really works well 
with Max's level of attention span. I was unable to 
find an application to duplicate that experience for 
Max. Spending some time searching, I have found 
some Flash-based games that come close. I will keep 
introducing new things to Max and see what sticks. 

This actually brings me to my primary lesson 
from all of this. When I started, I was not sure if 
Max was ready for a computer. To be honest, there 
was not a clear consensus among my friends as to 
when that would be. Having played with Max and 
his computer for a week now, I can say this: Max 
is ready to explore anything as long as it is on his 
terms. That is the real value of this desktop. Now I 
have a place to show Max new things. I can let him 
try out new software or Web sites, and he can do it 
at his pace, because it is his computer. Before, as 
soon as playtime was done, I switched my computer 
back to work mode. Now Max wanders into my 
office does a little paint or controls the volume on 
some music. I look forward to the day when he asks 
for help debugging his eToys programs. I am not 
sure when that will be, but I am pretty sure it will 
come a little sooner with this project. ■ 


Dirk Elmendorf is cofounder of Rackspace, some-time home-brewer, longtime 
Linux advocate and even longer-time programmer. 


Resources 


Colby T-Rex Mouse: kidzmouse.com/products/ 
kidzmouse/colbytrex.html 

GeekDesk: www.geekdesk.com 

Sugar Learning Platform: www.sugarlabs.org 

Qimo: www.qimo4kids.com 

Edubuntu: edubuntu.org 

eToys: www.squeakland.org 


38 | february2010 www.linuxjournal.com 












Be Agile!I 

W 

Attend the Enterprise Software 
Development Conference! 

March 1-3, 2010 • San Mateo, Calif. 

Technical Program Announced 
at www.go-esdc.com! 

Attend ESDC and walk away with knowledge and skills that 
you can put to work immediately. 




Complete Speaker List 
& Bios Online! 



Beck Intersimone Martin 



Holub Gottesdiener Hobart 




Pugh 


Binstock 


STUDY with the industry's top faculty - all 
software development experts who will 
enlighten and inspire you. 

LEARN from more than 80 workshops 
and technical classes at ESDC - and stay 
on the forefront of software development. 


SHARPEN your skills across the entire 
software development life cycle, from 
requirements and modeling, to architecture 
and programming, to quality assurance, 
deployment and maintenance. 

MASTER the latest agile development 
practices and learn how to build better 
software, faster and more effectively. 




O'Brien Rozlog Hussman Zeichick 



Matsumura Quatrani Laddad Saks 




Jj- Seapine Software' 

A BZ Media Event 


Klocworlc 
^ FairCom 


www.go-esdc.com 














NEW PRODUCTS 


r 


CodeWeavers' Crossover Games 


cross-over Games 


As if gamers didn't need another fix, CodeWeavers recently released Linux and 
Mac versions of Crossover Games 8.1, an emulator that allows one to play 
Windows-based games without a Windows license. The new version 8.1, 
code-named Zombie Mallard, adds support for the fervently anticipated new game 
Left4Dead 2 to the existing roster of games, which includes World of Warcraft, 

EVE Online , Guild Wars, Prey and the Half-Life series. CodeWeavers says that it is 
pleased to enable its customers to "do their bit to stave off the effects of the 
apocalyptic zombie plague sweeping this nation". Crossover Games is available 
for download, either directly or via its authorized resellers. 
www.codeweavers.com 
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Gene Sally's Pro Linux Embedded Systems 
(Apress) 

Gene Sally's new book Pro Linux Embedded Systems (Apress) goes beyond just porting embedded 
Linux to new hardware to cover tuning Linux and leveraging open-source code to build more 
robust, feature-rich embedded applications. The guide is a resource for employing technologies and 
techniques typically reserved for desktop systems. Readers will learn the anatomy of an embedded 
Linux project as well as how to create an embedded Linux development environment, configure 
and build an embedded Linux kernel, configure and build open-source projects for embedded 
systems and minimize resources and boot times. In addition, the book explores open-source 
resources available to improve development. 
www.apress.com 


Peter Norvig and Stuart Russell's 
Artificial Intelligence: A Modern Approach, 
Third Edition (Prentice Hall) 

If you're looking for a comprehensive resource on artificial intelligence, pick up the new third edition 
of Peter Norvig and Stuart Russell's book Artificial Intelligence: A Modern Approach. Targeted at 
computer professionals, linguists and cognitive scientists interested in artificial intelligence, this 
work is an exhaustive treatment of the theory and implementations of Al. Key topics include 
intelligent agents, solving problems by searching, informed search methods, game playing, 
agents that reason logically, first-order logic, building a knowledge base, inference in first-order 
logic, logical reasoning systems, practical planning, planning and acting, uncertainty, probabilistic 
reasoning systems, decision making, learning from observations, learning with neural networks, 
agents that communicate, perception, robotics and more. 
www.informit.com 



Russell Artificial Intelligence 

A Modern Approach 

Norvig Th.rJEJition 





RunRev Ltd.'s Revolution 

RunRev Ltd. has boosted the feature set of its new Revolution 4.0 for application and Web development, available for the 
first time in a free version. RunRev says that Revolution offers "dramatic time and resource savings over traditional tools 
such as Flash, Silverlight, Java and C++". The new version 4.0 also offers direct deployment to the Web without recoding 
or writing a line of HTML. Revolution is a modern descendant of natural-language technologies, such as Apple's HyperCard, 
which enables software construction to nonprogrammers. Revolution 4.0 has three editions for different skill levels: the free 
revMedia, the enhanced revStudio and the revEnterprise for mission-critical applications. 
www.runrev.com 
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Coyote Point's Equalizer GX Series 


Coyote Point has bulked up the feature set of its EQ/OS Version 8.6, the latest iteration of the traffic management operating system 
that drives its Equalizer GX series product line. The series ranges from the entry-level E250GX load balancer to the enterprise-class 
E650GX all-in-one application delivery appliance. Core enhancements include 802.1 Q VLAN support, which can double aggregate 

network throughput (up to 2.6 Gbps for the E650GX); 
overhaul of the failover subsystem; cluster-cloning capability; 
an expanded toolset for intelligent load balancing of VMware 
Infrastructure and a new energy-efficiency capability to 
power servers on and off automatically. 
www.coyotepoint.com 
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Comtrol's RocketLinx ES7506 Switch 


Comtrol Corporation says its new RocketLinx ES7506 industrial managed PoE plus switch "changes the game when it 
comes to where you place your devices". Designed for applications such as IP surveillance, security and transportation, 
where power sources are not conveniently located, the RocketLinx ES7506 offers four Power-over-Ethernet (PoE) ports 
delivering up to 30 watts and supporting the new IEEE802.3at standard. "When setting up an IP camera or wireless 
access point, for instance", says Comtrol, "you can choose the optimum location for the application, versus mounting the 
device closest to an available power source". Tasks such as configuring ports, rebooting a failed device or implementing 
green power scheduling can be controlled via SNMP, Web interface or the included RocketLinx NetVision management 
software. Additionally, the switch features two uplink ports that support redundant ring network topologies, which 
enable network failure recovery at less than five milliseconds. 
www.comtrol.com 




gvSIG Desktop GIS 

Brethren map freaks should download the new version 1.9 of gvSIG, a free and 
open-source desktop Geographic Information System (GIS). gvSIG is designed for 
capturing, storing, handling, analyzing and deploying any kind of referenced geographic 
information, in both vector and raster formats, in order to solve complex management 
and planning problems. Version 1.9 sports a range of new features, including 
improved symbology and labeling, enhanced raster handling, geoprocessing with 
line layers, table joining, new data transformation tools and additional languages 
(US English, Brazilian Portuguese, Turkish, Russian, Greek, Swahili and Serbian). 
gvSIG is available for Linux, Mac OS and Windows platforms. 
www.osgeo.org/gvsig 


WS02 Cloud Platform 


WS02 recently announced the launch of its WS02 Cloud Platform, which it calls "the industry's most comprehensive 
platform for extending a service-oriented architecture (SOA) into cloud computing". The new WS02 Cloud Platform 
features a family of WS02 Cloud Virtual Machines. WS02 SOA products are available as WS02 Cloud Virtual Machines 
running on the Amazon Elastic Computing Cloud (EC2) or as VMware ESX virtual machines. Further, WS02 Cloud 
Connectors enable IT developers to provide fast, secure cloud services. And finally, the multi-tenant WS02 Governance- 
as-a-Service empowers IT professionals to manage governance in the cloud. All WS02 Cloud Platform services are based 
on open software standards and support applicable interoperable protocols and relevant open data standards. 
www.wso2.com 
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Please send information about releases of Linux-related products to newproducts@linuxjournal.com or New Products 
c/o Linux Journal PO Box 980985, Houston, TX 77098. Submissions are edited for length and content. 
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Fresh from the Labs 


Bombono DVD—Open-Source 
DVD Authoring Software 

www.bombono.org/cgi-bin/wiki/Home 

Starting off this month we have 
Bombono: a simplistic DVD authoring 
program that doesn't have the steep 
learning curve of many others in its 
field. According to the Web site: 
"Bombono DVD is a DVD authoring 
program for Linux. It is easy to use and 
has nice and clean GUI (Gtk)." 

Also from the Web site, the main 
features of Bombono DVD are: 

■ Excellent MPEG viewer: timeline 
and monitor. 



■ Real WYSIWYG menu editor with 
live thumbnails. 


Bombono DVD lets you author DVDs with ease, particularly with these easy-to-make menus that 
(actually) work. 


■ Comfortable drag-and-drop support. 

■ You can author to folder, make ISO 
images or burn directly to DVD. 

■ Reauthoring: you can import video 
from DVD discs. 

Installation Binaries are available 
for Ubuntu, SUSE, ALT Linux and 
Arch Linux, along with the usual source 
tarball. For those compiling from source, 
there are some pretty stringent library 
requirements. The documentation lists 
the following: 

■ gtk+ >= 2.8 (www.gtk.org) 

■ gtkmm >= 2.4 (www.gtkmm.org) 

■ SCons >= 0.96.1 (www.scons.org) 

■ GraphicsMagick >= 1.1.7 

(www.graphicsmagick.org) 

■ mjpegtools >= 1.8.0 

(mjpeg.sourceforge.net) 

■ libdvdread (www.dtek.chalmers.se/ 
groups/dvd) 

■ dvdauthor 

(dvdauthor.sourceforge.net) 

■ dvd+rw-tools (fy.chalmers.se/ 
~appro/linux/DVD+RW) 



I found that making chapter points in a video is actually really easy, and these chapters also can 
be linked to in your DVD menus. 


■ toolame (sourceforge.net/ 
projects/toolame) 

■ libxml++ 

(libxmlplusplus.sourceforge.net) 

In terms of packages I needed to 
install on my own Kubuntu system 
(obviously some were already in place), 
I needed: scons, libglibmm-2.4-dev, 
libxml++2.6-dev, libmjpegtools-dev, 
graphicsmagick, libgraphicsmagickl, 
libgraphicsmagick++1, 
libgraphicsmagick++1 -dev 
and libgtkmm-2.4-dev. 


Head to the Web site, grab the 
latest tarball, extract it and open a 
terminal in the new folder. Enter: 

$ scons 

If your distribution uses sudo, 
enter: 

$ sudo scons Install 
If not, enter: 

$ su 

# scons install 
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Bombono already has reached the stage of maturity where it can make images and burn them to 
disc on the fly. 


Once the compilation has finished, 
you will find it in your menu, or you can 
start Bombono with the command: 

$ bombono-dvd 

Usage A quick note before we 
jump in: you can use only MPEG-2 .vob 
files. It's a bummer, I know, so if you 
have files such as some DivXes you want 
to include, you're going to have to convert 
them first. Hopefully, future releases will 
support DivX, Xvid, MPEG-4 and so on, 
but for now, you'll have to make do 
with just .vob support. 

Once you have some .vob files 
available, start the program, click on the 
Source tab, and look at the file browser 
on your left. Locate the files you're 
going to use, and either drag them 
across into the Media List pane or click 
the blue + sign. While we're in the 
source section, clicking the Edit button 
when a video is highlighted lets you 
split the file into chapters using the 
timeline below (more on that later). 

For now, let's move on to the menu 
tab. Click the + sign in the Menu List 
pane to create a new menu. Then, you 
can add a menu object to link to a 
video along with some accompanying 
text. To add a menu object, choose the 
shape of the object you want to add 
and click the + sign next to it. Once the 
object has been made, you can move it 
around the screen or resize it. Now, let's 
make a link to the video you want to 
run from the menu object. 


Right-click on the object and choose 
Link^(name of video). Note that if 
you've edited your videos to include 
chapters, these chapters can be linked 
to also, but I don't have the space to 
cover that here. 

Now, let's add some text. You'll be 
in the standard mode for manipulating 
the menu objects as signified by the 
highlighted mouse pointer, but press 
the T button (as in T for text), and you'll 
be ready to go. Click next to an object 
and you'll see a blinking cursor, ready 
for you to start typing. If you don't like 
the font size or color, you can change 
them in the above menu. 

With a menu out of the way, let's 
get back to editing—more specifically, 
making chapters. Return to the 
Source tab, and make your way back 
to the Media List pane. Select the file to 
which you want to add chapters, and 
click the green Edit button. Your file now 
will load up in the big timeline below. 

It appears that when you're editing 
for chapters, if it's not evident where 
you are from the still image on-screen, 
you need to play the video in a separate 
player and take note of what time each 
point is, as the video does not seem to 
play in the window itself (although I 
could be wrong and missing something 
obvious). However, I found this wasn't 
really a Herculean task, so it shouldn't 
be much of a worry. 

In the timeline section, the top slider 
is for browsing around inside the video, 
where the on-screen image will update 
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depending on the position in time. If 
you look to the left, the strong blue 
digital readout will give you the exact 
time the slider is sitting on. To mark out 
a chapter, click the blue button under¬ 
neath the time readout (I'll call it a 
Chapter Marker), and a Chapter Point 
will be made under the slider, marked 
with the same icon as the Chapter 
Marker. If you want to fine-tune this 
position at all, you also can slide around 
the Chapter Point, and if you've made 
one accidentally, you can right-click and 
choose Delete Chapter Point. 

When you're happy with your soon- 
to-be DVD, head to the Output tab. 
Here, you can choose either to write a 
DVD Folder or make a disk image on 
hard drive, or you can just burn the 
project straight to DVD. 

Of course, this project has some 
hurdles to overcome before it's truly ready 
for the mainstream. The most pressing 
issue is that you can use only .vob files for 
now. This is reasonable enough, but when 
given the often tricky task of converting 
files, most lazy people like myself are 
going to throw the whole job in the too- 
hard basket and go back to playing Half- 
Life. It'll be truly ready only when you can 
add almost any video file. This, of course, 
will require some probable structural 
changes to the design and coding—per¬ 
haps adding a video conversion stage prior 
to burning—but it still will be necessary. 

Nevertheless, the authors have taken 
a good approach that I respect—keep¬ 
ing it tight and simple to begin with and 
working properly with the elements they 
do have, instead of creating an unstable 
mess with lots of features. This project is 
simplistic and highly satisfying, and it 
probably will become a distro mainstay 
once it reaches fruition. I'm looking for¬ 
ward to the finished product. 

BuGLe—OpenGL 
Debugging Wrapper 

www.opengl.org/sdk/tools/BuGLe 

According to BuGLe's Web site: "BuGLe 
is a tool for OpenGL debugging, imple¬ 
mented as a wrapper library that sits 
between your program and OpenGL." 
Although it's still in development, the 
Web site states that it already can do 
the following: 

■ Dump a textual log of all GL calls made. 

■ Take a screenshot or capture a video. 


■ Call gIGetError after each call to 
check for errors, and wrap gIGetError 
so that this checking is transparent to 
your program. 

■ Capture and display statistics (such as 
framerate). 

■ Force a wireframe mode. 

■ Recover a backtrace from segmentation 
faults inside the driver, even if the 
driver is compiled without symbols. 

"In addition, there is a debugger 
(gldb-gui) that lets you set breakpoints 
and examine backtraces. It also lets 
you examine OpenGL state, shaders, 
textures, buffers and so on, and drop 
into gdb to see what is going wrong." 

Installation BuGLe is available only 
as source for the moment, so head to 
the Web site and grab the latest tarball. 
As for requirements, the Web site says 
you'll need the following: 

■ GCC 3.2 or later (4.0 is broken, but 
4.1 works). 

■ FFmpeg is needed for video capture. 

■ GNU readline is recommended for 
history editing in gldb. 

■ GTK+ is required for gldb-gui. 

■ GtkGLExt and GLEW are highly recom¬ 
mended for gldb-gui (without them, 
the texture display will not work). 

I found I also had to grab 
libgtkglextl -dev as well as Iibreadline5-dev 
to access some of the features that 
are pretty mandatory. I couldn't get 
my system to recognize libavcodec, 
which may have caused me some 
problems later on. 

As for compilation, the documenta¬ 
tion says you just have to run make to 
begin with, but I found I had to run the 
conf i gure script first, or else make 
would return an error. If I'm right, then 
you'll need to run these commands: 

$ ./configure 
$ make 

If your distro uses sudo: 

$ sudo make install 
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BuGLe is a powerful wrapping tool that can 
perform certain actions with a program when 
specified OpenGL functions are called. 



A debugger also can be used while a program 
is running alongside. 

If your distro doesn't use sudo: 

$ su 

# make install 

I'll quote the documentation 
directly for the next part: "Next, 
you need to install some files for 
the user that will run bugle. Create 
a directory $HOME/.bugle, and 
copy doc/examples/filters and 
doc/examples/statistics into it." 

Usage Okay, I have to level with 
you, I didn't get BuGLe to run the way 
I wanted it to (such as taking screen- 
shots, video and so on). Maybe it was 
the configure script, maybe it was 
libavcodec not detecting, or perhaps I'm 
just dumb and missed something in the 
interface. I don't know. So why am I still 
highlighting this program? I see some 
great potential here, and what may be 
something very powerful in the future 
for anyone in the IT industry. 

All I can really do is point you in 
BuGLe's direction and hope you have 
more luck than I did. I did get some 
functionality working, including some 
debugging, so I'll show you at least 
some basics that a puny mortal like 
myself managed to grasp. 
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To run BuGLe at the command line, use the following syntax: 


$ LD_PRELOAD=libbugle.so your-program [plus any arguments] 


To use the GUI version (much easier), use this syntax: 

$ gldb-gui your-program [plus any arguments] 

This last command starts BuGLe's GUI, but your program 
won't be running yet. Prior to running something, you can 
apply certain parameters, such as setting breakpoints on 
specified OpenGL functions. For information on this, check 
the Web site's documentation (although it seems to be geared 
more for other developers than users at this time of writing). 

To actually run your program, it's as easy as clicking 
Run^Run. You can stop a program manually by clicking 
Run^Stop. The program can be continued with Run^ 
Continue, or continued until the next OpenGL function call 
with Run^Step, and killed with Run->Kill. Also worth a look is 
the debugging console, under Run^Attach GDB, which has 
its own unique set of functions and commands. 

And although I couldn't work out how to get these running 
myself, in the on-line documentation, I found the following 
instructions for using screenshot/video capture filter sets. 

For straight screenshots: 

filterset screenshot 
{ 

filename "screenshot.ppm" 
key_screenshot "C-A-S-S" 

} 


For captured video: 

filterset screenshot C-V inactive 
{ 

video "yes" 
filename "video.avi" 
codec "mpeg4" 
bit rate "1000000" 
allframes "no" 

} 


I may not have had much luck with BuGLe's bigger functions, 
but this is software in its early stages. When this project 
matures, the coding and its resulting possibilities will no doubt 
be very powerful—whether you're a graphics developer testing 
the latest driver or just a journo like me looking to take a 
screenshot from within a program. And when that's happened, 
someone probably will come along with a second GUI to use 
its functions in an alternative way, such as home users taking 
videos of whatever program they're running. Either way, the 
potential uses for this project are huge.* 


John Knight is a 25-year-old, drumming- and climbing-obsessed maniac from the world’s most 
isolated city—Perth, Western Australia. He can usually be found either buried in an Audacity 
screen or thrashing a kick-drum beyond recognition. 


Brewing something fresh, innovative or mind-bending? 
Send e-mail to newprojects@linuxjournal.com. 
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OpenOffice.org vs. 
Microsoft Office 

Nobody disputes that Microsoft Office is king of the hill in 
office suites, but if you put marketing and market share 
aside, how does OpenOffice.org compare? bruce byfield 


How does OpenOffice.org (OOo) 
compare with Microsoft Office (MSO)? 
The question is harder to answer than 
you might expect. Few users have the 
experience or patience to do a thorough 
comparison. Too often, they miss features 
that have different names or are in dif¬ 
ferent positions in the editing window. 
Or, perhaps they overlook the fact 
that some features, although missing 
in one, easily can be added through 
customization. Yet another problem 
when comparing something to MSO is 
which of the eight current versions of 
MSO do you use for the comparison? 

To cut through these difficulties, as 
I compared OpenOffice.org 3.1.1 and 
Microsoft Office 2007, I assumed until 
a search proved otherwise that, if one 
office suite included a feature, the other 
also would have it. I also focused on 
the three core applications: the word 


processors, spreadsheets and presentation 
programs. The results suggest a close fea¬ 
ture match for average users, but in some 
cases, a clear choice for expert users. 

Navigating the Interface 

In Office 2007, Microsoft implemented 
its Fluent User Interface (better known 
as ribbons), replacing menus and 
taskbars with a combination of both. 

By contrast, OOo still retains menus 
and taskbars. Both use context-specific 
floating windows that open automati¬ 
cally when the cursor is at a particular 
type of formatting. When ribbons first 
appeared, they were both attacked 
and defended vigorously. Yet for all the 
effort, no independent study has proven 
conclusively that ribbons are easier or 
harder to use than the classic menus 
and taskbars. At first, you may have to 
search for repositioned features, but 


neither has a clear advantage once you 
adjust to it. Most users are likely to be 
exasperated with the arrangement of 
features with the classic interface just as 
often as they are with ribbons. 

Much the same is true of the on-line 
help. With MSO, users hoping for 
help have to drill down deep to find 
answers, and the arrangement of topics 
by questions is both limiting and hard 
to scan. With OOo, the problems with 
help are incompleteness and out of 
date and poorly written entries, but the 
result is equally unfriendly, even though 
the help system is more thorough. 

As for the editing window, one 
office suite needs only to implement a 
feature for the other one to copy it. For 
instance, OOo borrows a zoom slider 
bar from MSO, while MSO borrowed 
floating windows from OOo. And, 
although you can point to areas where 
the interface of one is easier or more 
efficient, such as the template selector 
in MSO or OOo's Navigator that allows 
you to jump from feature to feature, 
these areas are counterbalanced by 
other features in which each suite is 
at a disadvantage. Verdict: tie. 

The interfaces vary in strengths 
and weaknesses, but neither stands 
out as particularly well done. The 
main reason for preferring one 
interface over another is that you 
are used to it. 




Figure 1. MS Word 


Figure 2. OpenOffice.org Writer 
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Word Processors: OOo Writer 
vs. MSO Word 

For casual users, Microsoft Word is 
extremely convenient. For every feature, 
from templates and content pages to 
tables and bullets, Word offers libraries of 
standard layouts. These libraries are not 
particularly sophisticated by typographical 
standards. Some, like those for tables of 
contents, are frankly an aesthetic disaster, 
but for those who choose to ignore 
document design, they are good enough, 
especially in documents that will be used 
once and then discarded. 

By contrast, the rumor is that OOo 
Writer's developers were required to 
use the word processor for their own 
documentation. Whether the rumor 
is true is uncertain, but it is true that 
Writer has more to offer for those who 
are concerned with document design. 
Writer comes with very few layout 
libraries, leaving you to download or 
create them, but in compensation, it 
allows you a degree of control that 
makes it as much an intermediate 
layout program as a word processor. 
Kerning, hyphenation, the exact posi¬ 
tioning of list bullets, headers, footers 
and footnotes or endnotes—all these 
layout features can be set with far 
greater precision in Writer than in Word. 

To help you organize this precision, 
Writer is distinctly oriented toward 
styles. As you may know, styles is a 
feature that allows you to adjust 
formatting once, then apply the settings 
where needed, instead of applying all 


the formatting manually each time you 
use it. Styles really save time when you 
are making major changes to layout and 
when saved into templates for re-use. 
Writer allows you to set styles for 
paragraphs, characters, pages, lists and 
object frames. Even more important, 
Writer is so oriented toward styles that 
even a simple act like adding a page 
number generally requires them. Some 
features, like outline numbering, are 
impossible without them. In compari¬ 
son, Word is far more oriented toward 
manual formatting. 

Although Word does include para¬ 
graph and character styles, you have to 
seek them out if you want to use them. 
When you do locate styles, you have to 
drill down into menus to change them, 
a process that is decidedly more awk¬ 
ward than Writer's arrangement of tabs 
in a window. Nor will you find the preci¬ 
sion present in Writer's features. Rather 
than using styles, most Word users, I 
suspect, would prefer to stick with its 
layout libraries. In other words, Writer 
is more for advanced users, and Word 
for beginners. Word's orientation in 
particular, is implicit in the interface, 
which makes manual formatting tools 
easy to find and styles just one feature 
among dozens. The orientation is 
implicit also in the fact that advanced 
features like AutoText are so deeply 
buried, many users still believe that they 
were dropped when ribbons arrived. A 
corollary of the difference in orientation 
is that although Writer is adequate for 


documents of hundreds of pages, few 
experienced users ever would consider 
Word for documents of more than 
about 20 pages. 

Despite the change in the interface, 
Word is still crash-prone at greater 
lengths. Word does include a master 
document feature, just as Writer does, 
but as one commenter said, files that 
use Word's master document feature 
tend to be in one of two states— 
corrupted or about to be corrupted. 
Verdict: Writer. 

You have to do more initial work 
with Writer to set up the templates you 
need, but once you do, the result is 
more professional, precise and individual 
than with Word. 

Spreadsheets: OOo Calc vs. 
MSO Excel 

Calc and Excel have been in an arms 
race for years. Excel extends the num¬ 
bers of columns and rows it can support 
in one release, and in the next, Calc 
matches it. Recent releases also have 
seen developers improving Calc's speed 
when processing complex equations. 
Consequently, both Calc and Excel now 
support spreadsheets that are so exten¬ 
sive, any sane user would have switched 
from a spreadsheet to a database long 
before bumping against the limitations. 
In much the same way, Calc always has 
been careful to match Excel function for 
function to maximize compatibility. In 
fact, Calc actually has several dozen 
more functions than Excel, not because 


Untitled 1 -OpenOttice.org Calc 

L.ctfT jniert format Jpok yan* Window yelp 

©© © 

X 

1.; ’N v- 

* -■ *4 

■ ’ 

v ’ 

•ltd 2 

UV 

- 

i |i ibararian sun* 

d l»° 

d » 0(3 till 3111 

l) £) 

al a 

« 

F* 

d a- i 

t ~ 1 






B 1 

1-c-1 

[-5-] 

1-E-1 

I-f-1 

I-6-1 

[-H-] 

1-i— 1 

“ 










2 










3 










4 










6 










7 










a 

9 










10 










11 










1? 

13 




















15 











16 

17 










18 










19 

20 










21 










22 











73 

24 










_ 25 _ 










26 










d 

jlIl 

1- K Sheet 1 1 Sheet2 /Sheet 3 / II - 


— ■! 



lA 

Sheet 1 / 3 Default 

■"nsffiri i [| 

Sum-0 

lo-*— 

— 0 100% 



Figure 3. MS Excel 


Figure 4. 0pen0ffice.org Calc 


www.linuxjournal.com february 201 0 | 47 





















































REVIEWS 


Calc can do more, but because it often 
maintains two versions of the same 
function—one for compatibility with 
Excel and one with extra features that 
Excel lacks. Given the sheer number of 
functions in both spreadsheets, I cannot 
be completely certain that one has func¬ 
tions the other lacks, but if either does, 
those functions are specialized ones that 
average users are unlikely to miss. 

For sorting cell entries and manipu¬ 
lating formulae, Calc and Excel have a 
roughly equivalent feature set. The main 
difference is in some of the names—for 
instance, where Excel refers to "pivot 
tables" and "trace precedents", Calc refers 
to "datapilots" and "detective". With the 
basics so close, the differences between 
Calc and Excel remain minor at best. 

For example, pivot tables in Excel are 
easier to construct than Calc's datapilots 
and easier to manipulate later, although 
the use of cell and page styles in Calc 
makes formatting and printing easier. 

In the end, which application you prefer 
depends on what extras matter to you. 
Most users are unlikely to find any 
great difference in general functionality. 
Verdict: tie. 

Slideshows: OOo Impress vs. 
MSO PowerPoint 

OOo Impress produces slideshows that 
serve the needs of most users. It always 
has been especially strong in object ani¬ 
mation, and because it shares much of 
its code with OOo's Draw, it also is ideal 
for drawing charts and diagrams. One 
particularly useful feature is the ability to 
save object styles so that you easily can 
create copies and modify them all. Yet, 
despite such features, Impress always 
has struggled to catch up with MSO 
PowerPoint. Over its releases, it has nar¬ 
rowed the gap, adding built-in support 
for movie and sound clips and more 
recently tables. However, the gap 
remains in several key areas. For 
example, although PowerPoint allows 
the recording of continuous narrations, 
Impress is limited to adding sound clips 
to each screen. Similarly, Impress lacks 
the ability to use the pointer to draw 
on the screen during a presentation. 

If you want a Presenter View—a view 
that includes notes that display on your 
machine but not on the projector—you 
have to install the Sun Presenter Console 
extension in Impress. And, although 
PowerPoint includes a set of collaboration 
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Figure 5. MS PowerPoint 



Figure 6. OpenOffice.org Impress 

features similar to those found in Word, 
Impress's first step to match them is 
scheduled to arrive in only OOo 3.2, 
when notes will be added. 

Another weakness of Impress is that it 
is divided into three panes: a slide pane, 
the current slide pane and a task pane. 
This makes Impress almost impossible 
to use except in a full-screen window. 
However, although PowerPoint occa¬ 
sionally opens a task pane, in general, 
its ribbon interface means that it does 
not usually need one. Verdict: PowerPoint. 

Other Features 

Beyond the core applications, both MSO 
and OOo include other programs. Both 
include a small database, although 
OOo's ability to connect easily to other 
database sources gives it a slight edge. In 
some editions, MSO includes Microsoft 
Outlook, a personal information manager; 
Visio, a charting program; Publisher, a 
basic desktop layout program, and a 
dozen more. The only other application 
in OOo is Draw, an SVG graphics editor, 
but as free software, OOo can be sup¬ 
plemented by dozens of other applica¬ 
tions. Although these applications may 


not always interact well with each other, 
neither do the components of MSO. 

And, at least an increasing number of 
free software applications support OOo's 
Open Document Format, which means 
that a document written in Writer can 
be opened in AbiWord or KWord. 

Yet another consideration is that, 
although MSO has an ecosystem of 
dozens of trainers and instructional Web 
pages built around it, instruction and 
resources for OOo are much scarcer. 
Conversely, OOo has developed a 
community of extension writers that is 
second only to Firefox's, while MSO's 
extensions are far fewer in number. 

The Outcome 

The fact that OpenOffice.org is free 
software predisposes me to prefer it. 
However, until I completed the analysis, 

I had no idea what the results would 
be. They ended (if you haven't been 
keeping score) with OOo and MSO in 
a tie for general interface and spread¬ 
sheets, OOo in the lead in word 
processors, and MSO ahead in slide 
presentations. What these results suggest, 
I think, is that both office suites are 
mature products. Given a moment's 
thought, that shouldn't be surprising, 
since OOo's development goes back 
more than 20 years. But we tend to 
think of OOo as a recent development, 
so the closeness of the comparison may 
come as a bit of a surprise. 

This is the fourth time I have 
compared the two office suites. Each 
time, the differences between them 
have gotten smaller. Now, they are less 
than ever before. For those of us in the 
Free Software community, the latest 
results help to prove what we have 
known all along: opting for free software 
does not mean being satisfied with infe¬ 
rior tools. Of course, you might disagree 
with my conclusions, depending on 
your needs and expertise. But what they 
emphasize, more than anything else is that 
today free productivity apps can stand toe 
to toe with their proprietary equivalents, 
and win as often as they lose.* 


Bruce Byfield is a computer journalist who covers free and 
open-source software. He has been a contributing editor at 
Maximum Linux and Linux.com, and he currently is doing a 
column and a blog for Linux Pro Magazine. His articles appear 
regularly on such sites as Datamation, Linux Journal and 
Linux Planet. His article, “11 tips for moving to OpenOffice.org” 
was the cover story for the March 2004 issue of Linux Journal. 
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A Review of the Always 
Innovating Touchbook 

Take an ARM Processor (the OMAP3530) add a touchscreen and Linux and a quart of 
uniqueness, and what do you get? A Touchbook from Always Innovating, that’s what. 

DANIEL BARTHOLOMEW 



Figure 1. The entire contents of the box the Touchbook came in—no literature, no manuals, just 
the Touchbook, a stylus, three magnets and a power brick. 


The Netbook form factor is as boring 
as it is predictable: a 9-11 11 screen, an 
Atom processor, a small hard drive and 
about 1GB of RAM, all shoved into a 
small case with a cramped keyboard. 
Netbooks from Dell, HP, Acer, ASUS 
and others all fit this definition. 

Fortunately, some companies are 
willing to try new ideas and form 
factors. One of these products is quite 
unlike anything else in the Netbook 
space and its called the Touchbook from 
a company named Always Innovating 
(Figures 1 and 2). True to the company 
name, the $399 Touchbook does have 
several innovating features that set it 
apart from other Netbooks. 

For one thing, the Touchbook does 
not use an Atom processor. Instead, its 
hardware is based on the BeagleBoard 
Project and is built around the Texas 
Instruments OMAP3530 processor. 

The Touchbook also has an interesting 
approach to expansion cards and 
onboard storage. The included Bluetooth 
and Wi-Fi adapters plug in to two of 
the Touchbook's four internal USB ports 
and the "hard drive" is a standard 8GB 
SDHC card like you might use in your 
digital camera. 

The hardware design is the opposite 
of what you find in most Netbooks. 
Instead of trying to squeeze everything 
into the smallest, thinest, lightest 
package, Al has created a case where 
everything has plenty of space and is 
easily removable—usually without tools 
and in the worst scenario, with just a 
screwdriver. This results in a case that 
is curiously blocky and as thick as a 
standard notebook. 

Another interesting design decision 
was to make the Touchbook a tablet first 
and a Netbook second. Because of that, 
the screen section is thicker and heavier 
than the keyboard section. This leads 
to a problem I've never had with a 


notebook-style computer before: if the 
screen is at more than a 90-degree angle 
the Touchbook will fall over backward. 

The advantage of this design is 
that the keyboard can be completely 
removed from the Touchbook (Figure 3). 
The screen half has everything it needs, 
including a 6000 mAh battery. You 
even can save $100 off the cost of a 
Touchbook by purchasing it without 
a keyboard. The only things in the 
keyboard half are the keyboard, a 
touchpad and a 12000 mAh battery. 
Always Innovating claims ten hours of 
battery life for both batteries together. 

The screen half also can be turned 
around and mounted to the keyboard 
backward. This could be useful in 
several situations: if you want to have 
the Touchbook in tablet mode but want 


to keep the keyboard with you, or if 
you want to prop the Touchbook up 
to watch a movie. 

The screen measures 8.9" diagonally 
and has a resolution of 1024x600 
pixels. True to its name, the screen is 
touch-sensitive. Unfortunately, it is a 
resistive touchscreen and not a more- 
accurate capacitive touchscreen. 

Rounding out the hardware, the 
Touchbook comes with 256MB of 
RAM, 256MB of NAND Flash memory, 
three external USB ports, an 
accelerometer, stereo speakers and 
headphone/microphone jacks. 

The hardware on the Touchbook is 
definitely not what I'm used to in the 
Netbook and notebook space. For one, 
it is more accessible and hackable. You 
slide one latch, and the entire back 
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cover of the screen half comes off. 
Inside, everything is easy to get to and 
various parts can be either unplugged 
(the Wi-Fi and Bluetooth modules) or 
unscrewed (the motherboard and 
battery). There are some size and 
weight trade-offs that go along with 


this, but I can live with them. If you're 
looking for a thin and light Netbook, 
the Touchbook probably is not for you. 
But, if you like digging into the guts of 
your devices, the design of the Touchbook 
makes it easy to disassemble and hack. 

The form factor lends itself to some 


interesting applications. For example, 
you could hang the Touchbook from the 
back of a headrest in a car and use a 
Bluetooth keyboard for a bit of word 
processing while on a trip. It would 
have been nice if the detachable bottom 
part of the Touchbook turned into a 
Bluetooth keyboard when unplugged. 
Then, when you detached the screen, 
you still could use the keyboard. 

Probably the most unusual peripheral 
that ships with the Touchbook is a set 
of three magnets. They're each about 
the size of a US dollar coin (bigger than 
a quarter, smaller than a 50-cent piece). 
These strong magnets came stuck 
together and were very hard to take 
apart (I had to use the edge of a table). 
There's even a note on the Always 
Innovating Web site saying they're 
working on their packaging so that the 
magnets are easier to take apart when 
you first get them. Keep these magnets 
far away from any children as they 
will get their fingers pinched if they 
try to play with them. 

The purpose of the magnets is to 
allow you to stick the Touchbook to a 
metal surface, like your fridge. The back 
cover of the Touchbook has three metal 
rectangles, and you stick the foam-covered 
sides of the magnets to the outside of 
the back cover opposite the rectangles 
(it helps to take the cover off while 
doing this). The theory is that you then 
can stick the Touchbook to your fridge 
and watch a movie or play some music 
or surf the Web while cooking or wash¬ 
ing dishes (watch out for soapy hands). 
It's sadly just a theory in my case. I don't 
know if my fridge is too slick or if the 
magnets aren't strong enough, but the 
Touchbook tends to slide down the side 
of my fridge and not stay put. I had 
better luck when I turned the magnets 



Figure 4. The Touchbook with the Back Cover 
Off, Top View 



Figure 2. The Touchbook 



Figure 3. The Touchbook Screen Detached 
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Figure 5. The Touchbook Default Desktop 


over so that the foam-covered side was 
toward the fridge. It probably would 
work perfectly if both sides of the 
magnets were covered in foam. 

My only strong complaint about the 
Touchbook hardware is the keyboard— 
more specifically, how the keys are 
arranged. I'm right-handed, and I've got¬ 
ten very used to using my right thumb to 
press the spacebar. On the Touchbook, 
the spacebar is off-center to the left, and 
my right thumb sits directly over the Alt 
key. There's no comfortable way to 
stretch my right thumb over to press the 
spacebar, so I'm forced to use my left 
thumb, which is very awkward for me. 

Keyboard issues aside, I am quite 
happy with the Touchbook's hardware. 
It's refreshingly different, surprisingly 
accessible and doesn't look half bad (if 
you don't mind the rounded boxy look). 

On the software side, things are not 
quite as rosy at present. In its defense, 
Always Innovating clearly states on the 
Web site that the operating system 
and other software are of beta quality. 
Hopefully, that will improve by the time 
you read this. 

One issue I ran into a lot is the 
screen is not very responsive, especially 
in tablet mode. It seems more responsive 


in keyboard-attached mode, so I 
suspect the software is responsible 
for the difference, and it is not a flaw 
with the touchscreen hardware itself. 

The base Linux OS also has several 
issues. It's a customized distribution 
made just for the Touchbook. One issue 
I had was that when errors happened 
during the launching of an app (and they 
often did), the app would silently fail to 
start and leave me staring at the desktop 
wondering if the app would ever start. 
This happened mainly in tablet mode. 

Software updates are also hit and 
miss at present. When I first received 
the Touchbook, the Check Update menu 
item reported that I had an update to 
install and that it would download it in 
the background and let me know when 
it was ready to install. It never notified 
me, and there was no progress widget 
or dialog box to let me know how 


things were going. About an hour after 
I started the update, I managed to get 
the Touchbook to lock up completely, 
and I had to do a forced reboot by press¬ 
ing the power button for three seconds. 
After I rebooted and got back to the 
desktop and checked on the update, it 
said I was up to date. Not wanting to 
operate with a system that possibly was 


not upgraded cleanly, I took the SD card 
out and followed the instructions on the 
Touchbook Wiki to install a fresh copy of 
the OS onto the card. 

The basic procedure for this is as 
follows (replace /dev/sdX with the 
correct value on your system): 

1. Download the latest sd-card.gz OS 
image from Always Innovating. 

2. Take the SD card out of the 
Touchbook and put it into your 
desktop or laptop. 

3. Unmount any mounted partitions 
from the card if your distribution 
mounts them automatically (take 
note of the /dev/sdX letter). 

4. Wipe the card using dd -if 
/dev/zero -of /dev/sdx. 


5. Install the OS to the card using 
gunzip -dc sd-card.gz | dd 
of=/dev/sdX. 

After going through this procedure, I 
didn't really notice much of a difference 
stability-wise, but at least I knew the 
procedure worked. 

Software on the Touchbook includes 
AbiWord, Gnumeric, three different 
Web browsers (Firefox, Fennec and 
Midori), a painting program called 
MyPaint, The GIMP (confusingly named 
Image Workshop in the menu), the 
Xournal graphical note-taking applica¬ 
tion, Evince for reading PDFs, GNOME 
MPlayer for playing audio and video 
content, gThumb for viewing photos, 
the FBReader e-book application, the 
Pidgin IM client, a Hulu client, a selec¬ 
tion of card and puzzle games, and 
Crazy Tanks (a 3-D tank combat game 
that uses the accelerometer for steering). 

I tried playing Crazy Tanks, and 
it seemed to play fine. I could drive 
around by tilting the display and shoot 
at other tanks by tapping on the screen. 
However, there is no obvious way to 
quit the game apart from dying or 
holding in the power button until the 
Touchbook turns itself off. 

I also tried to watch an episode of 
The A-Team using the Hulu client. I was 
able to search for the show and select 
an episode, but it never played. I tried 
several other shows but none of them 
played either. 

The other applications were along 


The hardware on the Touchbook is definitely not 
what I’m used to in the Netbook and notebook 
space. For one, it is more accessible and hackable. 
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Display Properties 

Fixed rotation: 

[v] Auto rotation 
[7| Only in tablet mode 

Normal (0 degree) 1^1 


Figure 6. The Display properties dialog is 
very sparse. 



Figure 7. Tablet Mode 


the lines of what I expected based on 
my experiences with them in the past. 

The desktop runs Xfce4, which, 
although not exciting, seems to run well 
(Figure 5). Some applications tended to 
crash a lot. AbiWord, for example, tended 
to freeze up whenever I tried to print. I 
attribute this in general to the unfinished 
and unstable nature of the beta OS and 
in particular to the CUPS software. 

The display properties window 
(Figure 6) lets you specify whether the 
display will rotate automatically, and 
you can further specify if you want 
automatic rotation only when the 
Touchbook is in tablet mode. The screen 
does rotate automatically, but the Only 
in tablet mode check box does not 
change the behavior. The screen always 
rotates when you physically rotate the 
Touchbook if the Auto rotation check 
box is checked, tablet mode or no. 

Speaking of tablet mode (Figure 7), 

I almost never had anything launch 
successfully when using it. In the rare 
instances when something did launch 
successfully in tablet mode, the Touchbook 
automatically resized everything to full 
screen, which makes sense. 

The instability goes deeper than that 
with large pieces like AbiWord. Even 
simple things, like pressing the prtsc (aka 
Print Screen) button to take a screenshot 
didn't work most of the time. In fact, it 
usually worked exactly once per reboot. 

The processor in the Touchbook 
seems quite capable for ordinary word¬ 
processing and Web-browsing tasks, but 


the filesystem is really slow. This stems, 

I suspect, from its use of an SD card for 
primary storage. 

I ran two content tests, one for 
video and one for audio. For video, I 
tested performance with multiple 
sizes of the Big Buck Bunny movie 
from the Peach Open Movie Project. 
The Touchbook did fine with the 480P 
(854x480) sized MP4 movie but couldn't 
handle the extra processing required for 
the 480P h.264 file, a smaller 640x360 
h.264 file or any of the larger files. 

For audio, I used the same batch 
of test files I use when testing audio 
players. These include audio files in AIFF, 
MP3, WAV, M4A, Ogg and FLAC format. 
The Touchbook played all of them fine. 
I've also recently added some high- 
definition FLAC files to my test suite. 
These files include ones at the following 
bit/kHz combinations: 24/88, 24/176.4 
and 24/192, with anywhere from two to 
six channels of audio. This is an unfair 
test, especially because ALSA down- 
sampled the dual-channel files to 
48KHz and because the speakers on 
the Touchbook aren't anywhere close to 
being audiophile quality. However, I was 
impressed that the Touchbook actually 
was able to play the files. The only time 
it obviously messed up was with my 
surround-sound test file, which has 
someone saying "left", "right", 

"center", "back" and so on. Not only 
was the audio present only for the "left" 
and "right" portions of the test, but 
they also were switched so that they 
were coming from the wrong sides—not 
a big deal but interesting. And, for those 
who want to standardize their music 
libraries on a single format, the Touchbook 
should be able to play them, even if 
the format is high-definition FLAC. 

Finally, the Touchbook has an annoy¬ 
ing habit of going to sleep after letting 
it sit for a minute or so. Sometimes I 
don't even have to let it sit, it will 
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Figure 8. Using Xournal to Write a Note 


just go to sleep while I'm typing—at 
least, I think it's sleeping. The screen 
turns off, and I can press the power 
button once and then count to ten, 
and the screen will come back on. This 
happens even when the Touchbook is 
plugged in. It's annoying. 

Conclusion 

In the final analysis, I like the hardware 
much more than I like the software, and 
I like the Touchbook's potential more 
than I like its current state. If you just 
want a Netbook that works, stay away 
for now. If, however, you like tinkering 
and don't mind a bumpy road, there's 
a lot to like.a 


Daniel Bartholomew lives with his wife and children in North 
Carolina. His on-line home is at daniel-bartholomew.com. 


Resources 


Always Innovating: alwaysinnovating.com 
BeagleBoard: www.beagleboard.org 

Re-install Instructions: www.alwaysinnovating.com/wiki/index.php/Reinstall_OS 
Big Buck Bunny: www.bigbuckbunny.org 
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KDE 4 

ON 

WINDOWS 

Let KDE Konquer your Windows desktop. 


H ave you ever found yourself working on 
Windows—for whatever reason—and 
reached for one of your favorite appli¬ 
cations from the free software world only to 
remember that it is not available on Windows? 

It is not a problem for some of the best- 
known free software applications, such as 
Firefox, Thunderbird, OpenOffice.org, GIMP 
or Pidgin. However, for some popular Linux 
applications, such as those from the KDE desktop 
software project, cross-platform support only 
recently became a possibility. KDE relies on the 


STUART JARVIS 


Qt toolkit from Nokia, which has long been 
available under the GPL for operating systems 
such as Linux that use the X Window System, 
but it was available under proprietary licenses 
for Windows only until the most recent series, 
Qt4. With the release of a GPL Qt for Windows, 
KDE developers started work on porting the 
libraries and applications to Windows, and 
the KDE on Windows Project was born. The 
project tracks the main KDE releases on Linux 
and normally has Windows versions of the 
applications available shortly after. 
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INSTALLATION 

It is easy to try out KDE applications on 
Windows. Simply go to the project Web 
site (windows.kde.org), download 
and run the installer (Figure 1). You'll be 
presented with a few choices to make, 
such as the installation mode (a simple 
"End User" mode with a flat list of 
applications or the "Package Manager" 
mode that is categorized like many of 
the Linux package managers). You also 
are given the option of whether to 
install packages made with the Microsoft 
compiler or those made with a free 
software alternative—as many users are 
likely neither to care about nor under¬ 
stand this option, it may have been 
better to hide it in an advanced tab. 

Next, you are presented with a 
choice of download mirrors, followed 
by the choice of which version of KDE 
software to install. It's hard to imagine 
why you wouldn't simply want the 
latest stable release, but the installer 


gives you a few options and, oddly, seems 
to preselect the oldest by default. 

In the next step, you are presented 
with a list of applications and software 
groups available to install, or you can 
select everything (Figure 2). The installer 
then takes care of downloading and 
installing the software, and you don't 
need to make any further interventions. 

I did find that the speed of the various 
mirrors varied greatly; some were up to 
ten times faster than others. If you're 
short of time and things seem to be 
going slowly, it may be worth canceling 
the download and trying another mirror. 
The installer is intelligent enough to re-use 
what you already have downloaded, so 
you don't really lose anything in this 
way. When the installation is complete, 
your new KDE applications are available 
in a KDE Release subsection of the 
Windows application menu. 

The main KDE 4 distribution for 
Linux is split into large modules—for 
example, Marble, 
a desktop globe 
application, is 
part of the KDE 
Education module 
with many other 
applications for 
subjects ranging 
from chemistry to 
astronomy. This 
works fine on 
Linux, where most 
of what you need 
is installed with 
your chosen 
distribution. But, 
if you're on 
Windows and 
want a desktop 
globe but have 
no interest in 
chemistry or 
physics, there are 
clear benefits in 
preserving your 
download band¬ 
width and hard- 
drive space by not 
downloading 
everything else. 
Patrick Spendrin, 
a member of 
both the KDE on 
Windows and 
Marble projects, 
says they recognize 


this issue: "as one can see, we are 
already working on splitting up pack¬ 
ages into smaller parts, so that each 
application can be installed separately." 
Many modules already have been split, 
so you can install the photo manage¬ 
ment application digiKam, individual 
games and key parts of the KDE soft¬ 
ware development kit separately from 
their companion applications. The 
productivity suite KOffice will be split 
up in a similar way in the near future, 
and Patrick hopes that the Education 
module will follow shortly afterward. 

Overall, the installation process will 
feel familiar and easy if you've used 
Linux in the past. However, if you have 
used only Windows, the process of 
using a single installer to install whatever 
applications you want may seem a little 
strange. After all, most applications for 
Windows are installed by downloading a 
single self-contained executable file that 
installs the application and everything it 
needs to run in one go. The KDE on 
Windows installation process reflects the 
fact that KDE applications share a lot of 
code in common libraries. 

Patrick explains that individual 
self-contained installers simply would 
not make sense at this stage: "the 
base libraries for a KDE application are 
around 200MB, so each single applica¬ 
tion installer would be probably this 
size." Aversion of Marble, however, 
is available from its Web site as a self- 
contained installer—the map widget is 
pure Qt, so it is possible to maintain both 
a Qt and KDE user interface wrapping 
that widget. The pure Qt version is small 
enough to be packaged in this way. 

As Torsten Rahn, Marble's original 
author and core developer puts it, 
having a standalone installer for the full 
KDE version of Marble "would increase 
the time a user needs to download and 
install Marble; installing the Qt version 
takes less than a minute." It might be 
possible in the future to package a com¬ 
mon runtime environment and provide 
applications as separate executables, simi¬ 
lar to the approach taken by Java applica¬ 
tions, but Patrick notes that this would 
take time, as "it would be a lot different 
from the current Linux-like layout." In 
any case, the current approach has some 
advantages, because it makes you aware 
of other available applications and allows 
you to try them out simply by marking an 
extra check box. 



Figure 1. KDE on Windows Installer Welcome Screen 



Figure 2. The installer provides a simple list of applications available 
for installation. 
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FIRST IMPRESSIONS 

The KDE 4 Windows install comes with 
a slimmed-down version of the System 
Settings configuration module (Figure 
3), which will be familiar to you if 
you've used KDE 4 on Linux. Here, 
you can adjust KDE 4 notifications and 
default applications in addition to lan¬ 
guage and regional settings. However, 
these apply only to the KDE applications, 
so you can encounter slightly odd 
situations. For example, if you open an 
image from Windows Explorer, it will be 
shown by the Windows Picture and Fax 
Viewer, but if you open the same file 
from KDE 4's Dolphin file manager, it 
will be opened with the KDE image 
viewer, Gwenview. Of course, you can 


use the Windows control panel to make 
Windows prefer KDE applications for 
opening images and documents and 
change the file associations for Dolphin 
so that it will use other Windows pro¬ 
grams that you have installed, but you 
will need to make adjustments in both 
places to get consistent behavior. 

System Settings also allows you to 
choose a selection of themes for your 
KDE applications, including some that 
tie in well with the Classic and Luna 
themes in Windows XP. At present, KDE 
4 doesn't include special themes for 
Windows Vista or Windows 7. However, 
Windows users are accustomed to using 
mismatching software from many differ¬ 
ent vendors, and the KDE applications 
fit in as well as 
anything else. 

Most of the 
applications I tried 
seemed just fine, 
at least to start 
with. Konqueror, 
for example, 
correctly displayed 
the selection of 
major Web sites I 
visited (Figure 4). 
However, after 
using the applica¬ 
tions for a while, 

I began to notice 
a less-than-perfect 
integration with 
the Windows envi¬ 
ronment. Okular, 
the KDE document 


viewer, used the default Windows 
dialog for open and save, with common 
Windows folders, such as Desktop and 
My Documents, available on the left- 
hand panel. However, other applica¬ 
tions, such as KWord, used the KDE file 
dialog which, in common with the 
Dolphin file manager, has links on the 
left-hand panel to Home and Root. 
These labels probably will not mean a 
lot to a Windows user unfamiliar with a 
traditional Linux filesystem layout, and it 
would be nice to see Dolphin and KDE 
dialogs modified to show standard 
Windows folders, such as Desktop and 
My Documents instead. 

STATE OF THE APPLICATIONS 

digiKam, the photo management 
application, is one of the real highlights 
of the KDE world on Linux (Figure 5). 

On Windows, it started fine, found 
all my images and allowed me to view 
a full-screen slideshow. I was able to 
use its powerful editing tool to crop a 
photo and adjust the color levels of an 
image, but when saving the modifications, 

I received an error that the save location 
was invalid. digiKam was attempting 
to prepend a forward slash (as found 
in a Linux filesystem) to the save loca¬ 
tion, so that it read "/C:/Documents 
and Settings...". A small error, but 
one that makes practical use of the 
application difficult. 

KOffice2, still experimental on Linux, 
seemed to run quite well on Windows. 

I was able to create a document, save 
it in OpenDocument format and then 



Figure 3. The KDE System Settings module lets you adapt the look and 
feel of KDE applications to match your system. 



Figure 4. KDE’s Konqueror Web browser handled all the major sites Figure 5. digiKam. the KDE photo manager worked quite well, finding 
I tried. and organizing my photos. 
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Figure 7. The Dolphin file manager is an attractive and easy-to-use 
replacement for Explorer. 


open it in Okular. Windows users who 
primarily use Microsoft Office and 
don't want to use another office suite 
might consider Okular as a lightweight 
OpenDocument viewer. 

One of my favorite KDE applications 
on Linux is Kopete, the universal 
messaging application (Figure 6). I 
was able to log in to my Windows Live 
Messenger account and chat to my 
contacts, but the XMPP protocol (used 
by Google Talk) wasn't available. 
Integration with KDE's secure password 
storage system, KWallet, also seemed 
imperfect, as I had to go through two 
rounds of unlocking the wallet before 
Kopete appeared to have access to the 
account passwords. 



Figure 6. Kopete works well with the Windows 
Live Messenger service but currently lacks 
XMPP support on Windows. 

Dolphin, the file manager, seemed 
to work well (Figure 7), and its bread¬ 
crumb navigation structure made rapid 
switches between folders easy. It felt 
faster than Windows Explorer at loading 
thumbnails of images, and the preview 
pane provides excellent file overviews 
without having to open a dedicated 
application. If I spent a lot of time on 


Windows, I would 
be tempted to try 
Dolphin as an 
Explorer replace¬ 
ment. As men¬ 
tioned previously, 

Konqueror also 
handled everything 
I threw at it. 

One notable 
application missing 
from the KDE 
installer is Amarok, 
the popular 
music player. The 
Amarok Web site 
explains that the 
Windows port is 
highly experimental 
and has been omitted from the KDE 4.3 
release of the KDE on Windows 
installer, although it was available on 
Windows with KDE 4.2. In fact, no 
music or video player was available from 
the KDE installer for version 4.3, which 
is a shame, as the Phonon technology 


developed by KDE and integrated into 
Qt should make it easier than ever 
before to make such applications truly 
cross-platform. 

KDE 4 comes with a great selection 
of simple games built in, including the 
likes of Hangman, Battleships and a few 
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more exotic options, such as Mahjongg 
(Figures 8 and 9). Windows includes its 
own applications for playing many of 
these games, but the KDE alternatives 
were highly impressive with beautiful 
artwork. I encountered few problems 
that would give any indication that they 
hadn't been designed for Windows in 
the first place—only some problems 
saving partially completed games due 
to differences between the Linux and 
Windows filesystem structures. 



Figure 8. KMahjongg is beautifully presented 
and very usable on Windows. 



Figure 9. KHangMan comes with a selection 
of nice themes and worked flawlessly. 



Figure 10. The KDE Plasma desktop shell running on 
Windows—attractive, but not yet very functional. 


GOING ALL THE 
WAY: PLASMA ON 
YOUR DESKTOP 

The desktop shell in KDE 
4 on Linux is provided 
by Plasma, a flexible, 
integrated replacement 
for the separate desktop, 
widget and taskbar appli¬ 
cations of KDE 3. It is 
possible to run Plasma 
as the desktop shell on 
Windows, but some major 
features are missing—such 
as a taskbar—and you 
need to make some 
changes to the Windows 
Registry to try it out. In 
fact, trying Plasma on 
Windows really is not a good idea on 
any machine that you care about, 
because once you have made the 
switch, you cannot easily revert it 
from within your KDE Plasma desktop 
session. The safest way to try Plasma 
on Windows is to use a new (and 
disposable) user account in Windows 
running in a virtual machine. If you do 
try it (see the Replacing the Windows 
Desktop Shell with KDE's Plasma side- 
bar for instructions), you'll be presented 
with a pretty KDE desktop (Figure 10) 
to which you can add a few of your 
favorite widgets, such as a clock or the 
KDE menu, run a few KDE applications 
and, well, that's about it. Windows 
programs are entirely inaccessible. 
Although there is a certain wow factor 
to having an almost complete KDE 4 
desktop on your Windows machine, 
using it is not really practical in any 
serious way at present. 


CAN KDE SUCCEED ON WINDOWS? 

Some of the KDE applications are compet¬ 
ing for your attention against better- 
known alternatives that you easily can 
install from a single executable file. KDE's 
Konqueror Web browser, although a fine 
application, finds itself in a very crowded 
market for Windows browsers with 
Internet Explorer already installed and the 
likes of Firefox, Opera, Safari and Google 
Chrome all available as alternatives. The 
potential for some other applications to 
become popular on Windows is, however, 
much higher. Kopete faces only Pidgin 
and the proprietary Trillian messenger as 
serious competition in the market for 
multiprotocol messaging clients. Okular is 
a lightweight but well featured alternative 
to Adobe Reader. Marble is almost in a 
class of its own—the nearest competitor 
perhaps being Google Earth. Kontact, 
the Personal Information Management 
suite, also has potential as a compelling 


REPLACING THE WINDOWS DESKTOP SHELL WITH KDE’S PLASMA 


First, this is a really bad idea and may make your Windows 
system unusable. If you must follow these instructions, use at 
least a spare user account and preferably a disposable install 
in a virtual machine. You have been warned. 

If that has not put you off and you still want to see how Plasma 
looks on Windows, you need to download and run Autoruns 
for Windows from Microsoft (technet.microsoft.com/ 
en-us/sysinternals/bb963902.aspx). 

Next, simply unzip the downloaded archive and run 
autoruns.exe (not autorunsc.exe). 


In the main program window that appears, you then have 
to select the Logon tab and find the entry that references 
explorer.exe. Double-click on that to open the registry editor and 
change the key to replace explorer.exe with the full path to 
plasma-desktop.exe (if you accepted the default KDE install options, 
this is probably C:\Program Files\KDE\bin\plasma-desktop.exe). 

Log out and back in again. You should be presented with a 
pretty but largely nonfunctional Plasma desktop. 

You'll probably have to press the computer reset button 
to escape. 
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Figure 11. KMail, part of the KDE Kontact Personal 
Information Management suite, was able to connect to my 
mail server and download my e-mail. 


cross-platform alternative to existing 
solutions (Figure 11). Mozilla Thunderbird 
is a clear competitor, but it lacks compre¬ 
hensive calendar functionality. Benjamin 
Dietrich, working in IT support at a 
German university, who currently has to 
support many different mail applications 
across the various computing platforms, 
believes Kontact could "provide one 


solution, once it is as mature 
as it is on Linux". However, 
a way to distribute Kontact 
as a self-contained installer 
easily would add to its 
appeal: "a single binary 
installer would be perfect." 

The spread of KDE 
applications to Windows 
also has had benefits for the 
wider KDE Project. Amarok's 
integration with the Last.fm 
music service was largely 
put together by a developer 
who used Windows rather 
than Linux. It is unlikely that 
he would have become 
involved if it had not been 
possible at the time to run 
Amarok on Windows. Getting exposure 
to users on Windows also gives KDE the 
potential to attract users to trying KDE 4 
on Linux and should make the transition 
for such users easier if they already know 
some of the applications. 

CONCLUSION 

The KDE on Windows Project still is quite 


young, and there are plenty of rough 
edges in many of the applications and 
some notable gaps in the application 
line-up. However, the installation process 
works well and is straightforward for 
anyone who has used a package manager 
on Linux. Although the installation 
process is different from that of most 
Windows applications, the installer is 
sufficiently well designed that it should 
not cause problems for most Windows 
users. The recent and continuing work 
to split up applications so that users can 
install exactly what they want also lowers 
the barriers to trying out KDE applications 
in Windows. Some of the applications 
have great potential to fill gaps in the 
Windows application world, particularly 
as free software alternatives to proprietary 
applications. As the project Web site 
freely admits, many of the applications 
may not yet be ready for day-to-day use, 
but they are well worth checking out 
and will only get better.* 


Stuart Jarvis is a scientist and longtime KDE user. He divides his 
time between digging up some of the world’s finest mud and 
regretting ill-judged experiments with pre-release software. 
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RUNNING 

REMOTE 
APPLICATIONS 


Displaying remote 
applications on a local 
system or even controlling 
a remote desktop requires 
little configuration and 
almost no changes to your 
everyday application use. 


O ne of the advantages to 

using a GNU/Linux system is 
the separation of the display 
system from the underlying 
operating system. The Linux desktop has 
at its core the X Window System, a soft¬ 
ware architecture that provides layering of 
display components. Each component pro¬ 
vides its own set of display features. These 
features include the ability to change out 
window managers, directly drive hard¬ 
ware, provide alternative desktop environ¬ 
ments and even remotely display some or 
all of a desktop. 

Most Linux users will be familiar with 
window manager and video display hard¬ 
ware tools, because the desktop paradigm 
has long assumed the user is sitting in 
front of the system running the desktop 
applications. Remote display, although not 
new to the X Window System, is discussed 
less often, because end users were 
thought to have only one system in use. 


But, end-user needs have grown more 
sophisticated, and applications like media 
and Web servers, for example, provide 
ample reasons to manage multiple PCs 
remotely, even within a single household. 

In this article, I discuss the variety of 
methods available to Linux users for run¬ 
ning Linux applications on a remote sys¬ 
tem for display locally. I cover basic config¬ 
uration issues, discuss limitations and 
advantages, consider security implications 
and contrast the reasons for using each 
method. All of the tools discussed in this 
article should be available from any popu¬ 
lar Linux distribution, although package 
names may vary. Examples and discussion 
focus on GNOME-based solutions running 
on Fedora, although similar functionality 
and applications exist for KDE users. This 
article does not specifically address display 
of Mac or Windows applications on Linux 
systems; however, the section on VNC is 
closely applicable. 



MICHAEL J. HAMMEL 
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The GNU/Linux Display Architecture 

From a very high level, the GNU/Linux display system can be 
viewed as three distinct components (Figure 1). At the lowest 
level comes the Linux kernel and the X.org display server and 
its associated libraries (referred to commonly and collectively as 
X11). The display server and kernel work together to provide 
management of the display hardware, and the libraries provide 
higher-level software a convenient means of using them. 


Applications 


Terminals, Games, Graphics (GIMP), Firefox 


Deskto 


GNOME / KDE / XFce, GTK+ / Qt 



Figure 1. The Linux Display System Stack 

The desktop environment sits in the middle of this 
stack. This includes GNOME, KDE and Xfce, the three 
most popular desktop environments. In support of these 
environments are application libraries, such as GTK+ and 
Qt, as well as a variety of other general-purpose libraries 
used by desktop applications. 

Applications sit above the desktop environment. These 
are the actual tools users run to view movies, listen to music, 
communicate with friends and coworkers and purchase 
products from the Internet. 

Remote display of applications is handled by features found 
within the Infrastructure and Desktop layers. Applications 
that run in the desktop and X11 environments can be told 
to display remotely but leave the details of how that is done 
to the underlying layers of the stack. 

There are three methods by which users can run an 
application on a remote system and have it display locally— 
that is, on the screen in front of which they are seated. The 
first method involves the use of the X Display Manager Control 
Protocol (XDMCP). This protocol is part of the X11 specification 
and is implemented on Linux systems using the GNOME 
Desktop Manager (GDM) or when using KDE, by the KDE 
Display Manager (KDM), both of which are replacements for 
the X Display Manager (XDM). This method is focused on 
running individual applications, although there are applications 
that can provide a complete remote desktop. 

The second method relies on OpenSSH support of X11 
protocols. It also is focused on running individual applications 
and is typically easier to configure and use. 


The last method is based on Virtual Network Computing 
(VNC) mechanisms that are operating-system-independent 
and more suited to complete desktop sharing. 

Using XD1V1CP via GDIV1 

In X11 parlance, the server is the thing that manages your 
display hardware, and the client is the application that needs 
the server to display windows. This often confuses people, 
because it's backward from one's normal understanding of the 
terms client and server, as now the server is the computer in 
front of you and the client is the remote computer. 

Most applications on the Linux desktop provide the -display 
command-line option. This option is equivalent to setting 
the DISPLAY environment variable, and it tells X11 clients 
(applications) which X server to display on. The default 
setting is to display on the local server, referenced as :0.0. 

A remote server can be specified by prefixing this value 
with the hostname (or IP address), such as galileo:0.0. 

The reference to galileo:0.0 works only if the host galileo 
is running at least one instance of an X server. 

The use of the -display option is tied to the configuration 
of XDMCP on the X server. XDMCP is the old-school method 
of displaying remote applications on a local display. Most 
old-time UNIX and X11 users are familiar with its use, although 
configuration issues have evolved with the Linux desktop. 

On GNOME systems, XDMCP is controlled by GDM. 
GNOME users are familiar with GDM from the graphical login 
screen. That screen is actually only one part of GDM and not 
related to our discussion. GDM also controls XDMCP usage 
for an X session, otherwise known as a graphical login. The 
graphical login starts a new X server with various options. By 
default, GDM does not permit XDMCP connections to the X 
server from remote client applications. To enable it, edit the 
file /etc/gdm/custom.conf to look like this: 

# GDM configuration storage 
[xdmcp] 

Enable=true 

[chooser] 

[security] 

Di saHowTCP=f alse 
[debug] 

The [xdmcp] section has a single option, Enable, which 
when set to true, allows XDMCP connections. Flowever, 
GDM also needs to be told to allow TCP connections in 
order for the remote applications actually to use XDMCP 
when communicating with the X server. The [security] 
section option DisallowTCP must be set to false in order 
to disable the feature that denies TCP connections. 

Note that XDMCP is the higher-level protocol (the way a 
client application and an X server will communicate), while 
TCP is a lower-level protocol, which for our purposes can 
be defined as the networking port that the communication 
flows through. 

Once configured, restart GDM. You can do so by changing 
the run state to 3 and then back to 5 with the following com¬ 
mands, with a short pause between them recommended. Be 
aware that if you execute the first command in a terminal/shell 
window, the window will disappear, because this command 
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kills the X server. You'll be dropped into a virtual console/terminal, 
at which point, you probably will have to log in to execute the 
second command: 

sudo init 3 
sudo init 5 

Now the local X server is configured to allow remote 
applications to connect to it. One additional step is required to 
specify which hosts have access to the local X server. There are 
two ways to do this. One is to edit the /etc/hosts, a I low and/or 
/etc/hosts.deny files. A simpler method is to run the xhosts 
command after logging in to the local system: 

xhost +<hostname-or-ip> 
xhost -<hostname-or-ip> 
xhost + 

The first command allows a specific host to display locally, and 
the second denies a host. The third method allows any host to 
display locally. This option should be used only on a trusted net¬ 
work, such as your network at home that is behind your firewall. 
The xhost settings are applicable only to the current login session. 

Now, open a terminal window, log in to the remote system 
(preferably with SSH, but Telnet if you must), and start another 
terminal with the display option set to the local X server: 


but displaying on the local X server (on the computer in front 
of you). You can start other applications the same way with 
each appearing as an ordinary window on the local desktop. In 
this way, the remote applications mix seamlessly with the local 
desktop. If for some reason your shell prompt doesn't include 
the name of the host in the prompt, you probably should set it 
so that you know on which system each xterm is running. 

GDM comes with GNOME, so as long as you have GNOME 
installed, you can use this method of remote application 
display. With KDE, you normally would use KDM, but its 
configuration is not covered here. 

Remote Desktops Using Xnest/Xephyr 

The -display option allows a single application to display 
remotely, but what about an entire desktop? It is possible to 
start a graphical login remotely over XDMCP using the Xnest 
or Xephyr X servers. These servers act like application windows 
on your local display but connect to the remote display 
manager (GDM) to offer up a graphical login. GNOME doesn't 
include these servers, and on most Linux distributions, they 
are likely not installed by default. However, if you do a quick 
search of your distribution's software repositories, you should 
find packages similar to these Fedora-specific packages: 
xorg-xl 1-server-Xephyr and xorg-xl 1-server-Xnest. 

After installation, the servers can be run manually to 
connect to a remote system: 


xterm -display galileo:0.0 

The xterm started here is running on the remote system 


Xnest :10 -query <host-with-gdm-configured> -geometry 1024x768 
Xephyr -query <host-with-gdm-configured> -screen 1024x768 :1 


XDMCP Pros and Cons 

PROS: 

■ Uses native XII functionality. 

■ Easy to configure via GDM. 

■ Convenient for use behind a firewall. 

■ Separate X server session. 

CONS: 

■ Does not support video or audio. 

■ Insecure protocol (clear-text passwords under 
XDMCP; considered a security issue in business 
environments). 

■ Native protocol means it's not compatible with 
non-Linux native desktops. 



Figure 2. Xephyr-Based Remote Desktop Running Evolution 

Experiments with both shows that Xephyr (Figure 2), the 
more modern and more actively developed of the two, was 
more stable. Unfortunately, logging out of a session prevented 
further connections. That may be because GDM was config¬ 
ured to allow only a single session from a remote system and 
may be fixed with additional research into GDM configuration. 
In these tests, however, the only solution was to restart GDM 
on the remote host. 

XDMCP via GDM acts as a conduit for remote applications 
to display on a local machine. This means it does not control 
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remote desktops. In fact, there doesn't need to be anyone 
logged in to the remote system at all, although GDM does 
need to be running. Because it doesn't take control of an 
existing X session remotely, it is possible to have a different 
display size on the local display. For example, if the remote 
system provides only a display resolution of 800x600, it still 
would be possible to display at 1024x768 on the local display 
using a Xephyr and a GDM/XDMCP-managed connection. 
It also means you can use different desktop environments 
(GNOME, KDE, Xfce or others) for the remote and locally 
displayed sessions. 

Remote Display via SSH 

By far, the easiest of the three methods for remote application 
display is to use SSH. SSH is the secure shell, a tool for con¬ 
necting to remote systems using encrypted communications. 
Linux systems use the open-source OpenSSH implementation 
of SSH. This package offers X11 Forwarding, a configurable 
option in the server and client (the SSH server and client) that 
end users utilize with the -X command-line option. 

SSH uses a client/server architecture. The server side is 
the remote system, and the client is the local system (the 
configuration that we normally think of as client/server and 
the opposite of X). The remote server must be configured 
to allow X11 forwarding. This is done by enabling the 
X11 Forwarding option in /etc/ssh/sshd_config: 


AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_C0LLATE 
AcceptEnv LC_M0NETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPH0NE 
AcceptEnv LC_MEASUREMENT LC_IDENTIFICATION LC_ALl LANGUAGE 

#AllowAgentForwarding yes 
#AllowTcpForwarding yes 
#GatewayPorts no 
XllForwarding yes 

X11 forwarding also can be enabled on a per-user 
basis in this file by placing the X11 Forwarding option after 
a user specification: 


Match User bilbobaggins 
XllForwarding no 


These changes will not take affect until the SSH server is 
restarted. If your distribution provides it, the service command 
is the easiest way to do this: 

sudo service sshd restart 
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XI lForwarding 

Pros and Cons 

PROS: 

■ Very secure—as secure as SSH. 

■ Simple to configure. 

■ Simple to use. 

■ Works with port forwarding. 

■ Does not require remote GDM or X server to be 
running. 

■ Safest way to display remote app on other side 
of firewall to the local display. 

■ Multiple applications with a single connection. 

■ Can work with video. 


CONS: 

■ Potentially very slow compared to VNC and GDM. 

■ Audio doesn't work. 

■ XII protocol is a bandwidth hog. 


The client-side configuration, found in /etc/ssh/ssh_config, 
requires enabling the Forwardl ITrusted option. This is enabled 
by default on Fedora systems, although other distributions 
may require the option to be enabled manually: 


ForwardXllTrusted yes 


Note that the location of the SSFH client and server con¬ 
figuration files may vary with different Linux distributions. 
Consult the OpenSSH package for your distribution to find 
the configuration files. 

Once the server and client sides are configured for SSH, a user 
can use X11 Forwarding by adding the -X option to an SSH login. 
The -X option passes the required DISPLAY information to remote 
applications, which automatically open on the local display. Note 
that using SSH X11 Forwarding means the remote application 
should not use the -display option nor should the DISPLAY environ¬ 
ment variable be set. SSH will take care of all of that automatically. 


SSH XI lForwarding does not require the remote machine 
to be running GDM or an X server. This means remote systems 
can be run in headless mode, which means they have no 
display at all. Instead, users log in remotely using ssh -X, run 
graphical applications on the remote system and have them 
display locally. This places far less load on the remote system 
than using the GDM-based remote application display. 

Although in most instances, you will need to have an 
X server installed on the remote system, because most X 
applications, which are on the remote system, will need 
the associated X libraries, and most package managers will 
end up installing the entire X server to provide them: 

ssh -X <remote host> 

# login to remote host succeeds... 
xterm -geometry 80x50 

Virtual Network Computing (VNC) 

XDMCP is the old-school method, and SSH is the safe method. 
But, the method best integrated into the desktop is Virtual 
Network Computing (VNC). VNC is a system based on the 
Remote Frame Buffer protocol from Olivetti Research Labs, 
which is available for anyone to implement. This protocol isn't 
based on X11, but lives at a lower level in the Infrastructure 
layer. This means VNC software can work with any desktop 
system, including Linux, Windows and Mac OS/X. With VNC, 
you can display remote Linux desktops next to remote Mac 
desktops on your local display. 

VNC is essentially a protocol definition—it describes how 
something should work. There are numerous implementations 
available for Linux systems. Clients are referred to as viewer 
applications. One open-source implementation is TigerVNC, 
a fork of the popular TightVNC implementation. TigerVNC 
offers both server and client viewers and was created to 
help increase development activity on the project. 

GNOME users will find Vino as the default VNC server and 
Vinagre as the most full-featured client viewer, and they 
are tightly integrated with the desktop, meaning GNOME 
provides menu options to configure and enable both the 
client (Vinagre) and server (Vino). 

VNC Configuration 

Unlike XDMCP/GDM and SSH, VNC is not used to launch 
remote applications for display on the local system. Instead, 
it is used to view and/or grab control of the remote desktop. 
Thus, the remote desktop must already be running. 
Additionally, VNC would not be useful if the remote system 
were running in headless mode, although Xvnc can remove 
this restriction also. Xvnc provides a remote "virtual" X 
server to which VNC clients can connect. Because the 
remote desktop is virtual, Xvnc also can be used to enable 
an alternate remote desktop and/or multiple remote 
desktops, perhaps of different sizes. 

The VNC server must be enabled on the remote system for 
the client viewer to connect to it. The server is configured from 
GNOME using the System^Preferences^Remote Desktop 
menu option. The configuration dialog requires enabling 
desktop sharing, configuring security constraints and setting 
methods of notification (Figure 3). 

Sharing refers to how the desktop will be accessed. Sharing 
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Figure 3. Vino Configuration under GNOME 


is enabled by allowing remote users to view the desktop and, 
if desired, allowing them to take control of the desktop. In the 
latter case, the user of the desktop where the server is enabled 
will no longer be able to use the desktop while the remote 
user controls it. For administration of systems on your local 
network at home, the server should be configured to allow 
other users to control the desktop. 

Under Security, the only option required for home use is 
specifying a password. This password is not encrypted for Vino 
or TigerVNC, so this protection is not very helpful outside of a 
local network protected by a firewall. If the option to confirm 
each connection is set, every time you use a VNC client viewer 
to connect to that machine, you also must walk over to that 
machine to allow the connection. For home use, this option 
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Figure 4. Vinagre Login to Remote Server 
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Figure 5. Vinagre Remote Desktop Display 

should not be set. 

Notifications are a personal preference. Because the idea of 
VNC, at least for our purposes here, is that the server is on a 
machine you don't want to be in front of, the notifications are 
of little use. However, it is helpful to have an icon displayed 
when a connection is active, in case you forget when one 
machine is controlling the one you're trying to use. 

On the client side, the GNOME Vinagre VNC client viewer 
is started from Applications->lnternet-»Remote Desktop 
Viewer. The Vinagre client looks like any other desktop appli¬ 
cation (Figure 4), with a menu bar and an obvious Quit option 
(File-»Quit). This is in contrast to, for example, Xephyr for 
displaying a remote desktop. Vinagre also allows opening con¬ 
nections to multiple remote servers with each remote desktop 
connection accessed by a tabbed folder (Figure 5). This makes 
using VNC very convenient and easy to understand, as it uses 
the usual desktop application widget paradigms. 

VNC: Multihead Using Two Computers 

One of the clever ways to use VNC is to connect the local 
keyboard and mouse to the remote desktop. This simulates a 
multihead configuration where two monitors act as a single 
screen. Using x2vnc, the local computer acts like the first 
monitor, and the remote desktop acts like the second monitor. 
Moving the mouse off the right edge of the local monitor 
moves it into the left edge of the remote desktop. This is 
a clever way of using a laptop to control a MythTV client 
connected to your TV without having to deal with IR remote 
controls or IR keyboard/mouse combinations. For example: 

x2vnc <remote host> -east (or -west, -north, -south) 

Above, the -east option configures the remote desktop to 
act as if were to the right of the local desktop, and -west 
reverses this setup. Various other options are available to 
refine the use of this configuration. 

VNC extensions provide various forms of compression and 
security. These extensions must be supported on both ends of 
the communication. If the server supports these but the client 
does not, VNC still will function between the two but without 
those extensions. 


VNC Pros and Cons 

PROS: 

■ Extremely easy to configure under GNOME, 
especially for a local network (behind firewall). 

■ Can be secured with passwords. 

■ Displays the entire desktop—in fact, it actually 
controls the remote desktop. 

■ Can link single keyboard/mouse to multiple 
computers. 

CONS: 

■ Displays the entire desktop, not just individual 
applications, all within a single window. 

■ Does not support audio or video playback. 

■ Use of multiple ports may require use of setting 
up VPN first to use over the Internet. 

■ Not secure by default. 

■ Remote desktop must be running—login session 
must be active. 


Performance 

From a bandwidth perspective, the use of SSH is likely to 
provide the best performance of these three options, as 
long as only a single remote application is displayed locally. 
GDM-based connections are likely to be roughly similar in 
performance, depending on the compression available in 
the SSH connection and what, if any, compression may be 
configured in GDM. 

VNC has the potential to be the fastest of all three if 
extensions are introduced that compress the frame buffer 
data sufficiently. Because VNC is based on a tile architecture, 
where rectangles of frame buffer memory are resent if they 
have been updated, any compression that improves the 
transfer of tiles will have serious performance implications. 
However, at the time of this writing, there were no such 
extensions currently in use. 

Security 

XDMCP uses UDP port 177, and the X server uses TCP port 
ranges from 6000 + display number. XDMCP also is prone to 
DoS attacks. GDM has some configuration options to address 
this, but XDMCP use still should be considered insecure. 
Therefore, GDM and XDMCP should be limited to use behind 
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firewalls and should not be used across the Internet. 

SSH connections are, by design, secure if properly used. 
Because of built-in encryption, there is no reason SSH 
X11 Forwarding could not be used across the Internet. Note 
that the use of X11 protocols over SSH can be bandwidth¬ 
intensive, and therefore, only a small number of applications 
from the remote system should be displayed locally using SSH. 

VNC can be used across the Internet as long as the remote 
server's firewall forwards port 5900 to that server. VNC does 
not include security extensions by default and, therefore, is 
insecure in nature. Various server implementations provide 
security extensions, but Vino does not. VNC use across the 
Internet using Vino as the server should be done only over 
VPN or SSH connections. 

Choosing a Method 

None of these options support playing media files, such as 
movies or music. I mentioned that media servers could be 
managed remotely, and I stand by that. The management 
of those systems—starting and stopping servers, configuring 
them and so forth—is easily done using any of these methods. 
But, making use of those media provided by those servers is 
best left to streaming media players that connect from the 
local system to the remote servers. 

For home users who need to manage remote systems on 
their local network that sit behind a well configured firewall, VNC 
offers the most complete and easy-to-use option. Home office 


users who need to connect to remote systems may find SSH 
a better option (as this author does). GDM/XDMCP is the least- 
favored solution, because SSH is faster and arguably easier to use 
for single applications, and VNC offers easier-to-use solutions for 
accessing remote desktops. Still, GDM/XDMCP is the only option 
if your needs include starting a new session on a remote system, 
as neither SSH nor VNC supports that type of use.B 


Michael J. Hammel is a Principal Software Engineer for Colorado Engineering, Inc. (CEI), in 
Colorado Springs, Colorado, with more than 20 years of software development and management 
experience. He has written more than 100 articles for numerous on-line and print magazines and 
is the author of three books on The GIMP, the premier open-source graphics editing package. 


Resources 


GDM: projects.gnome.org/gdm 

TigerVNC: tigervnc.org 

Vino: www.gnome.org/~markmc/ 
remote-desktop-2.html 

Vinagre: projects.gnome.org/vinagre 

x2vnc: fredrik.hubbe.net/x2vnc.html 
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The Future 

KDE 

Free Desktop 

Aaron Seigo and Sebastian Kiigler, two leading developers in the 

KDE community, share their ideas on the future of the Free Desktop. | jos poortvliet 


We recently sat down with KDE core developers Aaron Seigo and 
Sebastian Kiigler for an interview. Sebastian lives in the Netherlands, 
works on Plasma and is a board member of the KDE e.V., the 
legal organization behind the KDE community. Aaron is the lead 
developer for Plasma and has been involved in the KDE community 
for more than ten years. He currently lives in Vancouver, Canada. 
We spoke about the future of the Free Desktop—do the developers 
look forward, and what do they see if they do? 


JP: Is looking forward 3-5 years 
something you often do when 
working in free software? 

AS: Well, it depends on the scope of 
things. You can compare this with the 
board game Go; it has very simple rules. 
And most of the time, you just look at 
a small part of the board. But at other 
times, you have to look at the whole 
thing: figure out where you're going. 
Working in free software, we often look 
no further than the next release. But, 
we also need to step back once in a 
while and look five or ten years ahead. 
We don't have the luxury of pure 
research, but we can't stick to the 
immediate future either. Thinking long 
term helps drive what we do in the 
short term! Things like the social desk¬ 
top and the semantic desktop have 
been in development for many years 
and still have years to go before you will 
see them come to fruition. So, maybe 
not every day, but once in a while I do. 
SK: Of course, a lot actually. Years ago, 
when I became a Plasma developer, I had 


two goals in mind: improving power 
management and improving network 
management. Power management has 
been solved since our 4.2 release with 
Powerdevil and the battery widget. We're 
getting there with the Networkmanager 
widget; I expect it to be pretty good with 
4.4. I feel we're currently close to the 
perfect traditional desktop, and it's time 
to go a step further. Focus on a good, 
integrated user interface for new devices 
like media centers, Netbooks and 
phones—devices where the interface is 
an extension of the device itself. And, 
look at new use cases—like integration 
of the Web in the desktop. 

Freeing the Web from 
the Browser 

JP: So what are the most exciting things 
you expect to happen within the next 
five years? 

AS: I see three hot items. First, erasing 
the lines between local content and 
the network, or freeing the Web from 
browser, if you will. And, of course, 


mixing the two, like relating the files 
you have on your PC with your Facebook 
contacts, for example. 

SK: Indeed, this is what we are working 
on with Project Silk. The starting point 
for the browser has been as a way of 
viewing FHTTP pages, a remote document 
viewer. It became interactive with the 
arrival of Web applications. Currently, a 
Web server sends the same Web applica¬ 
tion to every device. These applications 
are designed for five-year-old computers: 
a device with a mouse, keyboard and 
800x600 resolution. But in 2010, typical 
screen sizes vary between high definition 
and smartphone. We have input devices 
like touchscreens, on-screen keyboards 
and more. Those work very differently 
from the traditional computer. For exam¬ 
ple, an interface making use of hover 
won't work without a mouse. Using a 
single font means it will often be either 
too small or too big, and scrollbars are 
impossible to touch on a phone screen. 
The problem is that the Web server does 
not know anything about the device 
you're using. And currently, we're stuck 
with that because data and service are 
tied with the user interface, so everybody 
gets the same, often inadequate Web 
application. Project Silk decouples front 
and back ends, and runs the user inter¬ 
face on the client. The client knows its 
own screen size and resolution, knows 
what input is available, if it has a motion 
sensor and so on, so it can interact with 
the user in a far more friendly way. 

An added advantage of using Silky is 
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that working off-line is easier. Of 
course, we'd love to be on-line 24/7, 
but that won't happen any time soon. 
Having good caching and synchroniza¬ 
tion makes it possible to work faster 
and better, even without a network. 

Social Computing 
AS: The second hot item would be social 
computing. How can we take what we 
have learned from Web 1.0 and 2.0, like 
e-mail, BBS, forums and social-networking 
sites, and make it an integral part of the 
computing experience. It is about people 
and letting them connect—and having 
your computer be aware of you and your 
connections. Who am I, where am I, what 
am I doing? These days, we take our PCs 
with us—think Netbooks, but also smart¬ 
phones. When you bring them, they 
should interact with your environment 
and the people around you. 

SK: The social desktop is strongly related 
to freeing the Web from the browser. We 
get data from the Web and use it in our 
social desktop widgets. This also makes 
it possible to make mashups, remix and 
combine data from different sources. 

Important to making social computing 
possible is to have applications understand 
certain concepts like "this is a friend" and 
"this is a colleague". This is where the 
Semantic Desktop, or Nepomuk initiative, 
comes in. Thanks to Nepomuk, applica¬ 
tions can understand each other while 
talking about complex concepts like 
relations or tasks. Then, you can start to 
integrate social data in the desktop—like 
immediately getting community help from 
within your application, or contacting 
developers, or finding people with similar 
hardware. This makes contributing to and 
working with the community very easy. 
With Web 2.0, the Web went from read¬ 
only to read-write. The desktop basically 
still has to take that step. We do that by 
making our technology more accessible 
with easier development technologies, 
such as scripting and having good docu¬ 
mentation and development tools. And, 
we're using mechanisms to let people 
share content with each other—for exam¬ 
ple, with our GetHotNewStuff framework. 
You easily can upload and download con¬ 
tent like wallpapers, new game levels or 
plugins and extensions right from within 
the application interface. You can rate 
and comment on it—be a community. In 
other words, you're turning everyone into 
contributors by lowering the barrier. 


Mobility 

AS: Third would be the idea of 
increased mobility—having multiple 
devices. FOSS started on the desktop— 
literally being written on desktops—on 
top of or below a desk. Now, we don't 
work only on desktops and laptops, but 
we run our software on phones and 
Netbooks. This is a huge shift but also 
presents new opportunities and opens 
doors. The best thing is that we're not 
separating these devices like our com¬ 
petitors are doing. We don't develop a 
vertical stack on each device like Apple 
and Microsoft do, with different user 
interfaces and widgets, effects, layout 
and everything. We do what the Linux 
kernel did—one kernel for wristwatches 
up to big-iron hardware. We're devel¬ 
oping a horizontal stack, from mobile 
devices all the way up to workstations— 
a device continuum. In part, this is 
possible because technology got more 
sophisticated; mobile devices are now 
more powerful than the average 
desktop was five years ago. The low 
end is fully capable of running our 
desktop stack. 

Coming Together 
SK: The best thing about these three 
trends is that they are coming at the 
same time. They are different but 
complement each other perfectly. You 
can have multiple devices with the 
same software stack, working together 
over the network and aware of your 
social context—blending on-line and 
off-line. Technology-wise, they are 
separate streams, but they create the 
compelling user experience for the 
next ten years. 

AS: For example, Nepomuk initially 
was conceived as the Semantic Web 
technology. We're currently doing this 
on the local computer, but we are ready 
for the Web, storing all the data properly 
to be shared. This then works with the 
Open Desktop Initiative, focusing on 
open and free Web services where you 
are in control of your own data. 

SK: Look at Canonical's Ubuntu One 
service or the Maemo OpenDesktop 
work. The services are coming already. 
The division between computer and the 
Web will become smaller and smaller— 
you can connect your on-line life with 
your local life in an obvious and simple 
way. Users won't even notice, won't 
care. Cool stuff. 


AS: Many of the most exciting things 
going on right now have been on our 
minds for many years. Exploring new 
ideas is like being in a dark room, 
looking for a light switch. You stumble 
around in the dark, bump into things, 
and when you finally find the light 
switch, you already have a pretty good 
idea of the room. Then you see it in 
full light and really realize its potential. 
There is no shortcut to that. Ask any 
researcher—it takes blood, sweat and 
tears. It is 1% inspiration and 99% 
perspiration, to use a cliche. 

Traditional Desktop 

JP: And how about the current desktop, 

is that still being worked on? 

AS: Of course, there is a lot more going 
on. We are not stepping away from 
what we initially wanted to do; we're 
not a ship looking for wind. We are 
still on track, but growing into new 
challenges—challenges that inspire 
people and let us take the next step. 
We're now at tens of millions of users, 
but this will be something people will 
want to use, and it has the potential to 
bring us to the mainstream. 

SK: Well, a question that might come 
up is "Do we want focus or diversity?" 
But in free software, you can have 
both. Some teams work on specific 
innovations like these, but our com¬ 
munity is very diverse in nature, and 
we do lots of other stuff as well. For 
example, for the coming releases, 
the traditional enterprise use cases, 
like groupware and office, have a lot 
of resources behind them. Many 
developers work on digiKam and 
Gwenview for better photo manage¬ 
ment, and KDenlive, a great video 
editing solution. Our educational 
community is growing like never 
before, especially lately in Brazil. The 
KDE games community is working on 
a whole new framework for 2-D and 
3-D games, easily distributable by 
GetHotNewStuff. So yes, the basics 
are covered—in the last 180 days, 
we fixed more than 18,000 bugs! 

So we're working at the crazy rate 
of 100 bugs a day! 

AS: And, so much is going on all the 
time. We have a beautiful community 
here. KDE is currently really a hot spot 
for innovation. All these developers at 
meetings and on-line are talking about 
such cool stuff, the challenge is to tell 
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the world what we're doing. I personally 
see that as a part of my job, besides 
writing code—listening to what people 
are doing and sharing the story! 

SK: Our community has been growing 
a lot lately, and we've actively worked 
on enabling that. We have a very 
open community, with little hierarchy 
and a lot of room for trying new 
things. This is why we're so innova¬ 
tive, and why it's so much fun. We 
also spend a lot of energy on retain¬ 
ing people. Over the last few years, 
we really improved upon the process 
of turning casual contributors into 
core contributors. We have a lot of 
developer sprints, and these work 
incredibly well. It is a good way of 
combining the flexibility and diversity 
of an on-line community with the 
advantages of being with a bunch of 
smart people in one room and knowing 
each other personally. These meetings 
are good for making great technological 
strides, but also for community building. 
We're currently at a rate of one meeting 
somewhere in the world every 2-3 
weeks, besides our two yearly confer¬ 
ences, Camp KDE in the Americas 
and Akademy in Europe. 

Targeting Common Users 
JP: So there are major changes and 
improvements coming to the Free 
Desktop. But will the average user 
care about any of those? 

AS: Ha. Users surely won't say, "I 
want to immerse myself in a socially 
contextual computing experience." 
What people will say, however, is, 
"Hey, I walk into the train station 
and instead of going to the schedule 
board, I look at my phone and use 
the widget that is being broadcast in 
the building." If people see it, they 
will want it and use it. They don't 
think, "I want the same KDE software 
I have on my desktop also on my 
phone", but they will notice that it 
works and looks the same, provides 
the same logical work flow. Our tech¬ 
nology simply provides advantages to 
users—they might have a different 
language from developers, but they 
will enjoy it. We have to focus on 
that. We don't have the luxury of 
doing pure research; it has to benefit 
people and be within their reach. 

SK: I think if you make these features 
very easily accessible, users will use 


them. The best features are noticed only 
when you take them away. For example, 
there is window snapping in KWin, 
a feature we've had since forever. It 
makes windows a little resistant to 
overlapping each other, easing the 
placement of windows—really something 
users don't notice. But, turn it off, and 
their windows feel funny. It's hard to 
place them right. We have hundreds, 
thousands of such small things, we 
almost never advertise them. You can't 
show them in a screencast and barely 
can explain them in person. But they 
make a difference; they make your 
experience just feel better. This is how I 
would like to integrate these features— 
in a way nobody notices. 

AS: Look at a hot topic right now, 
search on the desktop. The direction 
most implementations take is all 
wrong, really. Our competition thinks 
of Google, who is searching the Web, 
going through these billions of docu¬ 
ments. You're looking for something, 
so you fire up the browser, go to this 
page with a search bar, type something 
and find it. The needle in a haystack. 
So this has been brought to the 
desktop. And do people use it? Not 
as much as you might think. They 
still organize files in folders, and use 
recent documents. You don't do a 
random search if you have at least a 
clue of where the file probably is. 

SK: The technology has to be built in 
to applications; there shouldn't be a 
special "search" dialog. You want to 
start with what people are doing— 
who am I, where am I and what do 
I care about. We discussed this in 
2004 when we wanted to get search 
technology moving in KDE. We wanted 
implied searches. Say you download 
photos from your camera, which has 
geo-tagging. When you fire up Marble 
(the KDE Desktop Globe), it shows the 
photos in the spot they were taken. 
That is intuitive. Compare it with 
what Linkedln does—shows you other 
people you might know and want to 
connect to in the sidebar. It 
is unobtrusive, but you notice it when 
it is useful and use it. You might not 
have searched for those people by 
yourself, but Linkedln helped you 
find them anyway. Users will not even 
know they are using it, except that 
they have this icky feeling their 
computers are psychic. 


Disadvantages 

JP: But all this comes with disadvantages, 
right? Like bad performance, privacy 
and security dangers. What are you 
doing to combat those issues? 

SK: Much of this can even improve in 
those areas. Caching and using desktop 
applications makes working with Web 
content faster. And, you easily can keep 
data off-line if you want—this is much 
better when it comes to privacy. 
Decoupling data and the user interface 
also makes sure that only controlled 
code runs locally, so there are less 
runtime security issues, which are 
so typical with on-line applications. 
Add-ons you can download within KDE 
software can be signed cryptographically 
to ensure integrity. Most of what 
Nepomuk does when relating data, it 
does on your own PC, which makes 
it much easier to keep your private 
data private. For many use cases, 
using on-line services is simply not an 
option—think about businesses. They 
can't entrust their data to Google or 
other on-line services, because of either 
internal policy or law. Our technology 
makes it very easy to keep the user in 
control without giving up on features. 
AS: This is the typical innovators' 
dilemma. You try a new, promising 
thing that has never been done, and 
you instantly discover that despite 
good intentions, it doesn't work very 
well in practice. It is buggy, slow, hard 
to use. Why? Because it is new! 
Nepomuk, for example, is now at its 
third storage back end. The first one 
was functional, but insanely slow and 
resource-intensive. No kidding, it was 
a research project. The question the 
first incarnation answered was "Can 
we do this?", not "Does it work 
well?" Currently, we use Virtuoso, 
which represents a huge improvement. 
And now Nepomuk is becoming 
production-ready; individual applica¬ 
tion developers are starting to create 
production-ready code, integrating 
the features. We knew years ago that 
contextual computing was possible, 
but would it work in real life? I believe 
in the ingenuity of people and of our 
community. Nothing about this is 
fundamentally impossible. Even now, 
being so new, it works surprisingly 
well on today's laptops and even 
Netbooks. We still have to migrate it 
down to mobile devices—of course, 
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that's a challenge. Luckily, work is going 
on in that area, and as a backup, we 
always have the cloud. If a local computer 
doesn't have the power to handle it, 
we can move a part of the resource 
usage to the big iron on the Web. 

Commercial Interests 
JP: And is there commercial interest in 
all this, are companies getting involved? 
And, does that work? 

SK: There are three areas where KDE is 
getting commercially very interesting. 
One would be PIM. This has been the 
case for years, and it's being used quite 
a bit in enterprise environments. The 
KDE groupware suite has been devel¬ 
oped with enterprise deployments in 
mind, and in fact, much of that work 
has been contributed by companies 
making money on adapting KDE 
for corporate use cases. Second, 
there is KOffice. It's being deployed 
on the Nokia high-end smartphones 
right now, and this can go in many 
more areas. Third, Plasma is seeing 
commercial interest lately, by device 


manufacturers, for example. 

AS: Well, the more people are involved, 
the bigger the chance something good 
comes out of it. This is what makes FOSS 
work so well. The community is very 
good at experimenting. In a more 
traditional environment, where return 
on investments is key, you have to guess 
before you invest. It can be very hard to 
come up with a good idea in such an 
environment. But we don't guess, we 
just try. What works, sticks. Bringing in 
commercial interests is good; it brings in 
more people, more creativity and differ¬ 
ent perspectives too. And, they are willing 
to work on things volunteers might not 
like—like Bluetooth support. A Nepomuk 
researcher in France isn't interested in 
that, but Maemo developers are. The 
challenge is to integrate it all—research, 
experimentation and commercial 
results—in one community. We're 
doing very well at it, I would say. We 
have lots of people coming in lately, 
new commercial ventures, large, 
entrepreneurial. If we can keep our culture 
intact, this will lead to great things!* 


Jos Poortvliet is a leading member of the KDE marketing team 
and has been promoting KDE at conferences and in writing for 
the past six years. He is an organizational psychologist by 
profession, lives in the Netherlands and works as a business 
consultant at a major financial institution. 


Resources 


KDE: kde.org 

openDesktop.org: opendesktop.org 

Social Desktop: socialdesktop.org 

Nepomuk, the Social Semantic 
Desktop: nepomuk.kde.org 

Plasma: plasma.kde.org 

KDE TechBase, Project Silk: 

techbase.kde.org/Projects/Silk 

Camp KDE 2010: camp.kde.org 
Akademy 2010: akademy.kde.org 
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Re-invent Your Desktop 


Plasma! 



Don’t settle for a desktop that came out of 
a box; find out how to write your own Plasma 
widgets (aka plasmoids) and give your desktop 
a shot in the arm or a kick in the you-know-what. 

Riccardo laconelli 


lasma is one of the most exciting technologies KDE 4 has 
brought to life. It often is considered to be merely the 
desktop shell of KDE 4, but in reality, it is so much more. 

We are just starting to see the full potential of Plasma, but 
it's already being used by some of the best KDE applications. 
Amarok, for example, uses it in so-called context view, and the 
Plasma packaging system is widely used in conjunction with 
GetHotNewStuff technology. Plasma's main goal is to provide 
a powerful framework you can use to build your own Uls. All 
of this is possible because the Plasma libraries are not tied to 
a specific use case. Instead of housing all the desktop-related 
code in the plasma-desktop binary, the majority of it is contained 
in desktop-specific plugins. That is why the desktop shell itself 
is just a few hundred lines of code, but it uses thousands of 
lines of code located in the Plasma libraries. 

Why C++ and Not JavaScript? 

Although JavaScript bindings are the official language for 
widget authoring, for security reasons, its subset of functions 
is limited to the Plasma API, and it gives the programmer no 
access to pure Qt or KDE components. JavaScript plasmoids are 
great if you want your widget to be installable as an add-on 
easily and securely, in which case the bindings are complete 
enough to give you access to most of the functions you will 
ever need. JavaScript bindings also offer an extremely easy 
approach to the API. There are less problems related to packag¬ 
ing, and JavaScript is (usually) a less difficult language to use. 


However, I'm going to introduce you to a C++ plasmoid, 
because the JavaScript API is quite new, and most widgets to 
date have been written in C++. For this reason, you're likely 
to find more code examples or help for C++ plasmoids. 

Nonetheless, we expect more and more JavaScript compo¬ 
nents to be produced over time, especially after the release of 
KDE 4.4. And, as the API remains very similar, it shouldn't be 
difficult to migrate your knowledge of C++ to JavaScript. 

Ruby, Python (including Edje support) and C# bindings are 
also production-ready and offer access to the full C++ API, but 
if you use them for your component, only users having the 
kdebindings package installed will be able to use it. JavaScript 
bindings are the only ones shipped with the Plasma libraries 
and are currently the only ones officially suggested. 

Understanding Plasma's Design 

We created Plasma with development flexibility in mind. The 
basic idea is that to write simple things, you shouldn't need 
more than what is necessary for actual functionality. 

This approach should be very scalable and not limiting— 
meaning you should be able to extend, tweak and experiment 
with user interaction without destroying any work previously 
done or re-inventing the wheel. To achieve this, Plasma has 
separated the mechanisms of getting the data from the 
visualization itself. This approach is commonly known as 
the Model View approach. 

In this tutorial, I create a plasmoid for providing a visualization 
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of an RSS source. The C++ class that represents the base class 
for the visualization will be called Plasma::Applet. I also briefly 
overview the other classes later in the article, and I assume that 
you know some basic Qt programming techniques. If that is not 
the case, however, check out some of the many tutorials you 
can find on-line. I make references mainly to basic things like 
QString or the Signal/Slot mechanism in this article. 

Writing Your First Lines of Code 

I'll get to the instructions to build the plasmoid later; first, 

I want to give a brief overview of the most significant parts 
of the code. You can download the full source code from 
ftp.linuxjournal.com/pub/lj/listings/issue190/10638.tgz. 

I don't cover the CMake configuration file in this article, but 
you can find it in the tarball complete with comments. 

All KDE plugins and extensions, as well as application 
launchers, are described in the files with the .desktop exten¬ 
sion. First, you need a .desktop file for this tutorial. This file 
contains the data used by KDE to show the applet to the user, 
and it contains the plasmoid's name, description and credits. A 
minimal desktop file for this example plasmoid looks like this: 

# plasma-applet-exampleplasmoid.desktop 

[Desktop Entry] 

Name=RSS 


Comment=An RSS Plasmoid 
Icon=application-x-plasma 
Type=Service 

X-KDE-ServiceTypes=Plasma/Applet 
X-KDE-Library=plasma_applet_plasmoid 
X-KDE-Pluginlnfo-Name=plasmoid 

The first lines are fairly obvious. They provide a human- 
readable name and description and an icon. The following 
lines tell the system what kind of plugin it is. The important 
line here is the X-KDE-Pluginlnfo-Name. This line tells the 
KDE internals what the plugin's name is (this is used as an 
argument to plasmoidviewer to preview your plasmoid). 
Note that this name cannot contain any special characters. 
Make sure the name of this file matches the pattern 
plasma-applet-*.desktop. 

Next, let's look at the source code for a very simple 
plasmoid, with the minimum amount of code needed to 
make it valid, such that it actually will compile and load. 
First, the header: 

// plasmoid.h 
#ifndef PLASMOID_HEADER 
#define PLASMOID_HEADER 

#include <Plasma/Applet> 



ConFoo.CA 

web techno conference 



March 10th to 12th, 2010 - Montreal, Canada 


Work more efficiently 
with Web Technologies. 


All Linux Journal readers benefit 
from a $100 discount! 

Register online: http://ConFoo.ca/lj2010 

Registration deadline: February 20th, 2010 


PHP, Python, Ruby, Java, .Net, 
Web Standards, Security, 
Open Source, Databases, 
Optimization, Web Services, 
Design Paterns, RIA, Usability, 
Project Management, SEO, 
CMS, Frameworks, Ajax, 
Testing, Social Networking 


Organised by: 



PHP 

Quebec 

Conference 




Mflntreal.rb 

La communaute Ruby de Montreal 
Montreal's Ruby Community 




















FEATURE Re-invent Your Desktop with Plasma! 


class Plasmoid: public Plasma::Applet 

{ 

Q_0BJ ECT 

public: 

Plasmoid(QObject *parent, const QVariantList &args); 

-Plasmoid(); 

}; 

// This is the command that links your applet to the .desktop file 

K_EXPORT_PLASMA_APPLET(plasmoid, Plasmoid) 

#endif 

As you can see, this is a pretty simple class derived from 

Plasma::Applet. A few interesting things to note: 

■ The first two lines (and the last one) are the common trick 
for ensuring that the header file doesn't get loaded multiple 
times—meaning you will have no compiler errors due to that. 

■ The Q_OBJECT macro is inserted because you need to 
make use of slots later on (the signal/slot paradigm is a 
Qt feature, and any introduction to Qt should explain it 
if you're not familiar with it). 

■ The K_EXPORT_PLASMA_APPLET macro is what actually 
exports the plasmoid (and, therefore, makes it displayable). 
You can find more information on this macro on TechBase 
(see Resources). 

Now, here's the actual implementation: 

#include "plasmoid.h" 

Plasmoid::Plasmoid(QObject ^parent, const QVariantList &args) 

: Plasma::Applet(parent, args) 



Si_ 

Figure 1. First Run of the Applet 


{ 

} 

Plasmoid::~Plasmoid() 

{ 

} 

#include "plasmoid.moc" 

For now, this plasmoid doesn't do anything beyond displaying 
its own background. If you were to compile it and preview your 
work with plasmoidviewer, you would see what looks like Figure 1. 

It's a bit boring perhaps, but on the other hand, it compiles 
and runs. Now, let's inject some cool features. 

To get some new data, you should be familiar with another 
Plasma component, the DataEngine. This class is the base class 
that the applet uses to interact with the rest of the world. It 
mainly is used to fetch data from different sources. DataEngine 
is a read-only object. Its read/write counterpart is the Service 
class, which is used in cases where user input can modify the 
environment outside the plasmoid itself (think of Web services, 
for example). Just like Applets, additional DataEngines and 
Services can be written and installed by the user. It's simple to 
connect to a data engine from within an applet; you just need 
to add the following line: 

Plasma::Applet::dataEngine("rss")-> 

connectSource("http://dot.kde.org/rss.xml", this); 

In this case, rss is the name of the data engine you want 
to invoke. The first argument of connectSource() is the source 
name (in this case, the URL of the feed you want), and the 
second argument is the object that should be updated when 
the data engine receives new data. Another data engine 
example would be the Time data engine, and you would 
connect it with the following code: 

timeEngine->connectSource("Local", this); 

Local, in this case, means the local time zone. This, however, 
will update only once. To make it update itself automatically 
(and update your plasmoid) every second, you would have to 
write something like this: 

timeEngine->connectSource("Local", this, 1000); 

The third parameter, if present, specifies how often (in mil¬ 
liseconds) you should request an update from the source. Note 
that the source also can decide to update itself independently. 

You also can connect several data engines to one single 
object; just make sure to check the sourceName in the 
dataUpdated function (see below) when the update occurs. 

You can get a list of the available engines and their 
structure with a plasma tool called PlasmaEngineExplorer. 
Run the following command inside your terminal: 

plasmaengineexplorer 

This will show you a rather large list of engines from which 
to choose for building your plasmoid. Find one that inspires 
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you and start hacking on it. To know what structure the data 
engine gives you, you either can use the engine explorer, look 
at another applet's source code, or even explore the data 
engine source code itself. 

To give your plasmoid the data, the DataEngine tries to call 
a slot with the following signature: 


setLayout(layout); 

A QGraphicsLayout will resize and align all the widgets it 
contains automatically. Linear and Grid layouts also are avail¬ 
able. Now, include a Plasma::Label as a member in the header, 
initialize it and add it to the layout, like so: 


void datallpdated (const QString &sourceName, 

const Plasma::DataEngine::Data &data) 


m_rssTitle = new Plasma::Label(this); 
layout->addItem(m_rssTitie); 


Add this function (method) to your Plasmoid class with the 
following code (don't forget the declaration in the header file): 


void Plasmoid: : datallpdated (const QString &sourceName, 

const Plasma::DataEngine::Data &data) 

{ 

QMap<QString, QVariant> 

item = data ["items"]. toListQ . f i rst (). toMapQ ; 
QString title = item["titie"].toStringQ ; 

QString feedtitle = itern["feed_titie"].toStringQ ; 


DataEngine is type-agnostic; it stores all of its data in 
QVariants. It's your responsibility to know what data to expect 
and to convert it accordingly. In this case, the data is a QList of 
QVariants (each item) that in reality is a map. You take the first 
element and convert it to a QMap. Then, you extract the title 
and the feed title and store them in QStrings. That is all you 
need to get the data from any RSS feed. 

So now, you've got the data, but how do you display it? 
With Plasma, it's a piece of cake! 

The Plasma team has created several useful widgets that 
can be utilized in an applet. What you need in this case is a 
label. First, create a simple linear layout for the plasmoid in the 
constructor, like this: 


QGraphicsLinearLayout ^layout = new QGraphicsLinearLayout(this); 


0 RS5 e © ® © 

Most recent news from KDE.news 
KDE 4.3.3 Out Now: Clockwork 


Figure 2. Plasmoid Widget in Its Full Glory 


Finally, add the following lines to dataUpdated(): 


QString text = "Most recent news from <b>"+feedtitle+"</b>:"; 
text += "<br /><br />"+title; 
m_rssTitle->setText(text); 


Note that you don't need to destroy/free any objects, 
because every object that has a parent (assigned on creation 
by passing an argument to the constructor) is deleted auto¬ 
matically by Qt's garbage-collection system. 

If you compile your applet now, and everything has gone 
well, you should see something like Figure 2 when launching 
the plasmoidviewer. 

When the DataEngine fetches new data, your plasmoid will 
be updated automatically. 
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Build Environment 

For your build to succeed, you must have the Qt4 and KDE 
development libraries, cmake and the usual compilation tools, 
such as make, g++ and so on, installed onto your system. 

Note that this tutorial assumes a KDE version greater than or 
equal to 4.3. 

To build your plasmoid, change directory to your plasmoid, 
and issue the following commands: 


mkdir build 

cmake -DCMAKE_INSTALL_PREFIX='kde4-config --prefix' .. 
make 

sudo make install 

Note the backticks (") in the cmake command, which 
mean "substitute here the result of the evaluation of the 
quoted command". 

The first time you test the plasmoid, you'll have to refresh 
the KDE configuration cache by issuing the command: 

kbuildsycoca4 --noincremental 

You'll also need to run this command any time you make 
modifications to the plasmoid desktop file. 

To test the plasmoid, run the following command: 
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plasmoidviewer plasmoid 

Plasmoidviewer is a little test application that makes it easy 
to load and play with a single plasmoid without having to 
restart your desktop every time. 

Writing Other Types of Plasmoids 

In this tutorial, I've explained how to write a simple plasmoid 
from scratch, but I've barely scratched the surface. As I mentioned 
previously. Plasma is all about plugins, and writing other types 
of plasmoids is just as easy. You can, for example, write your 
own "containment". Containments are a subset of applets, 
which are built to contain other applets. The panel, the 
desktop, or the "folder view" are all examples of containments. 
Being applets, they also can be used like regular applets 
wherever that makes sense. 

You can write wallpapers, which are plugins that draw a 
containment's background. With these, you can draw a simple 
image or a more complex rendering, such as a Mandelbrot 
fractal or even an animated (and intractable) Earth globe! 

You also can create a plasma theme, which changes the 
look and feel of all the applets through the usage of SVGs. 

Apart from visualization, you can write a DataEngine 
and/or an associated Service to be able to gather information 
from the rest of the world. You can make a Runner, which is 
a plugin that responds to user queries—from "3+2" to "run 
command x" to "google for x" to "shut down the PC". These 
are then accessible from Krunner, from menus, or even from 
your own applet! 

All of this also is accessible through scripted languages, be 
it JavaScript, Ruby, Python or many others. And obviously, you 
can invent your own binding to Plasma by re-implementing a 
ScriptEngine, which has been done, for example, to be able to 
load simple Apple Dashboard or Edje widgets. 

As you can see, there are almost infinite possibilities for 
expressing your creativity, and all this goodness is exposed 
through an intuitive and powerful API. 

A Quick Look into the Future 

This article was written in October 2009, when the stable 
version of KDE was 4.3, and Qt was at version 4.5. By the 
time you read this, however, both Qt 4.6 and KDE 4.4 
should be available, so let's briefly outline what possibilities 
these new versions will offer: 

■ First, Qt introduces a new animation framework, some¬ 
times referred to as Qt Kinetic, which makes animations 
in our plasmoids trivial. You will be able to decide what 
should be animated, how that element should look at 
the start of the animation (for example, be at position 
0,0) and how it should look at the end of it (for example, 
be at position 100,20, rotated 20 degrees and scaled 
by a factor 2), and everything will be taken care of 

for you. For more information, take a look at the Qt 
documentation (see Resources). 

■ Anchor layouts, a minor improvement in Qt that might 
nonetheless save you from major headaches, are designed 
to make it possible to achieve many visual presentations 
with less effort. 
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Resources 


■ Remote plasmoids is one of the most interesting things 
that KDE 4.4 will bring. This technology has been devel¬ 
oped as a Google Summer of Code Project, and it allows 
you to transport applets, data engines and services over 
the network transparently. Without any more code than 
what you would write for a local component, you will 
be able (because of compression and caching algorithms) 
to distribute services and content between any HTTP-capable 
machine efficiently. Ideas include writing a lightweight 
server application that distributes plasmoids and/or 
content directly from a Web server, without requiring 
any graphical interface on it or perhaps built directly 
into your Web 2.0 application. The API to interact with 
this technology is, in fact, extremely simple and has a 
very small runtime requirement. 

Conclusion 

There's so much more to say about Plasma and its technologies, 
but I'm out of space. The Resources for this article include 
many useful references to help make your desktop (or whatever 
your Plasma is running on) a better place. ■ 


Riccardo laconelli has been a KDE developer since 2005. He is one of the core Plasma developers, 
and he is part of the team that gave birth to the project. Riccardo also is a member of the Oxygen 
team, the project that strives to bring beauty to KDE 4. working both on the code and the artwork. 
He currently is attending his last year of high school in Milano. Italy. 


Complete Qt documentation, with tutorials and examples is at 

doc.qt.nokia.com. 

The full KDE API documentation is accessible at api.kde.org, 

TechBase, a wiki for KDE developers can be found at techbase.kde.org. 

Another great introductory tutorial is techbase.kde.org/ 
index.php7title=Development/Tutorials/Plasma/GettingStarted. 

All other Plasma tutorials (including tutorials for non-C++ languages) are at 

techbase.kde.org/index.php?title=Development/Tutorials/Plasma. 

The KDE examples module, a new KDE module released with KDE 4.4, 
contains example code, including (but not limited to) Plasma plugins. Your 
distribution should have packages available, but if not, you can browse the 
SVN repository via websvn.kde.org/trunk/KDE/kdeexamples, or you 
can download a tarball from ftp.kde.org/pub/kde/stable/latest/src. 

The full source code for the applet described in this article is available at 

ftp.linuxjournal.com/pub/lj/listings/issuel 90/10638.tgz. 

You can contact the Plasma developers and applet writers via the mailing list 
plasma-devel@kde.org, or by joining the #plasma channel on the Freenode 
IRC network. Don't hesitate to contact us if you need some help! 
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The Google Exposure 

Neither Google nor its business model are trees that grow to the sky. 

DOC SEARLS 



Advertising is a bubble. If that's a true 
statement, Google is a bubble too. And 
if that's true, many of the goods we 
take for granted on the Web are at risk. 
Let's run down some evidence. 

Google has more than a million 
servers. The company is notoriously 
silent on the exact number, but I was 
told by a Google official that it was 
headed toward a million in the next 
couple years—and that was seven 
years ago. For a peek at the future, 

Jeff Dean of Google gave a presenta¬ 
tion at an ACM workshop in October 
2009, outlining "Spanner", a "storage 
and computation system that spans 
all our data centers". His "design 
goals" slide described a "future scale" 
with "~10 6 to 10 7 machines, ~10 13 
directories, ~10 18 bytes of storage, 
spread at 100s to 1000s of locations 
around the world...." 

Google's data centers are already 
public utilities on the scale of coal-fired 
power plants. Google is silent about the 
number and size of these as well. In 
March 2008, Rich Miller of Data Center 
Knowledge wrote, "The conventional 
wisdom is that Google has dozens of 
data centers. We're aware of at least 
12 significant Google data center 
installations in the United States, with 
another three under construction." 

Those data centers serve enormous 
sums of traffic. According to the ATLAS 
Internet Observatory 2009 Annual 
Report, Google has reached #3 among 
the top ten "Tier 1" Internet backbone 
providers last year. Just two years 
earlier, Google wasn't on the list. As 
a Tier 1 player, Google "peers" with 
others on the list. That means they pay 
nothing to each other for data transit. 
Tier 1 status is more a matter of traffic 
rather than physical fiber backbone. 
Google has plenty of backbone, but 
where it rules is with traffic. 

The greatest source of inbound 
traffic for most Web sites has long 


been search engines, where Google 
has a near monopoly. Consider the 
case of StackOverflow.com. Last year 
it reported, "83% of our total traffic 
is from search engines, or rather, one 
particular search engine". Google 
was first with 3,417,919. Yahoo 
was second with 9,779. 

To some big-old business categories, 
Google's threat is apocalyptic. Take 
geographic data. For many years, 
NAVTEQ and Tele-Atlas have enjoyed 
something of a duopoly in the geo¬ 
business, providing data to GPS com¬ 
panies, car companies, avionics manu¬ 
facturers and so on. When you looked 
at Google Maps, you saw NAVTEQ's 
or Tele-Atlas' logo. That ended last 
October, when Google dumped 
Tele-Atlas, just like it had dumped NAVTEQ 
earlier, as a source of US map data. 

As it does in so many other business 
categories, Google is now giving its 
US geo data away for free—or less. 

Bill Gurley reports, "Google will pay 
you to use its mobile OS. I like to call 
this the 'less than free' business model. 
This is a remarkable card to play. 
Because of its dominance in search, 
Google has ad rates that blow away 
the competition." Sound familiar? It's 
roughly the same thing Microsoft did 
to the browser business. It eliminated 
that business by offering Internet 
Explorer for free. Back then, however, 
the browser business was new and 
small. Google goes for bigger game, 
such as the phone business. 

Android might be the most apoca¬ 
lyptic move ever laid on a standing 
industry. First, Google creates an open 
phone design on a Linux platform, lines 
up a pile of handset makers behind it 
and then works deals with carriers as 
well. I've done a lot of consulting work 
in the telco world over the last few 
years, and here's the most graphic way 
I've heard Google's approach to the 
industry explained: "Google feeds a 


dock rope down the gullet of the mon¬ 
ster, waits for the rope to come out the 
back end, and then yanks it straight." 

Of course, the phone business needs 
some straightening. We're long overdue 
for white-box phones and data paths 
that look and feel like the real Internet, 
rather than billed phone connections. 
I've got no problem with Google 
hastening history there. 

I'm just worried about the way 
Google makes money. Nearly all of it 
comes from advertising. That's what 
pays for all the infrastructure Google 
is giving to the rest of us. As our 
dependency on Google verges on 
the absolute, this should be a concern. 

Think of advertising as oil and 
Google as one big emirate. What 
happens when the oil runs out? 

Maybe it already is. Citing a 
"Natural Born Clickers" study by 
ComScore and Starcoma, Ad Age last 
year reported that "the number of 
people online who click display ads has 
dropped 50% in less than two years, 
and only 8% of Internet users account 
for 85% of all clicks...What's more, the 
8% of Internet users that compose a 
majority of clicks is also down by half 
from the last study, which found 16% 
are responsible for 80% of clicks. The 
2008 study found half of all clicks come 
from lower-income young adults." 

The free rides won't go on forever. 
There are better ways than advertising 
for demand and supply to find each 
other (including search, which is free), 
and more will be found. Google will be 
in the middle of that discovery process, 
no doubt. But it's an open question 
whether Google will make the same 
kind of money in a post-advertising 
marketplace. I'm betting they won't. ■ 


Doc Searls is Senior Editor of Linux Journal. He is also a 
fellow with the Berkman Center for Internet and Society at 
Harvard University and the Center for Information Technology 
and Society at UC Santa Barbara. 
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